For some projects, I have an overridden haskell-language-server script in the project that sets up the environment correctly (in particular, executes it in the correct nix-shell). This worked well up until 1.3.0, when the serverExecutablePath was set to have only "machine" scope and thus must be configured globally.
The ostensible reason for this change is to prevent somebody from causing arbitrary script execution, but this seems weak - if you're compiling code I have control over, I can do this just as easily through a TH splice. So I'd like to request that this change be reverted.
No worries, good to know how it is impacting users. If you have the opportunity, it would be great to know (commenting in the previous issue if possible) what your workflow is, to help in the design of the alternative to the actual situation.
> if you're compiling code I have control over, I can do this just as easily through a TH splice
The machine scope would let an attacker execute an arbitrary program simply opening a folder with vscode, so I think it doesn't have the same severity, imho. The existence of other security holes can't be an excuse to leave open another one.
If you don't mind, I would prefer to close this one and centralize the info in the mentioned issue.
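An added example, not part of this thread or of the extension's code: a check to run over a repository's `.vscode/settings.json` before opening the folder, listing settings that name a program to launch, which is the case `serverExecutablePath` raised here. The key-name pattern, the helper names and the constructed sample file are assumptions made for illustration.

```python
import json
import re

# Assumed key-name pattern for settings that name a program to launch.
EXEC_KEY = re.compile(r"(executablePath|serverPath)$", re.IGNORECASE)

SAMPLE = r'''{
  // constructed sample of a repository-supplied .vscode/settings.json
  "editor.tabSize": 2,
  "haskell.serverExecutablePath": "./scripts/haskell-language-server",
  "haskell.formattingProvider": "ormolu"
}'''

def strip_jsonc_comments(text):
    """Drop // and /* */ comments (VS Code allows them), keeping strings intact."""
    out, i, in_str = [], 0, False
    while i < len(text):
        ch = text[i]
        if in_str:
            out.append(ch)
            if ch == "\\" and i + 1 < len(text):  # keep escaped char, e.g. \"
                i += 1
                out.append(text[i])
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            out.append(ch)
        elif text.startswith("//", i):
            i = text.find("\n", i) if "\n" in text[i:] else len(text)
            continue
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            i = len(text) if end == -1 else end + 2
            continue
        else:
            out.append(ch)
        i += 1
    return "".join(out)

def in_repo(value):
    # True when the path is relative or anchored at ${workspaceFolder}.
    absolute = value.startswith(("/", "~")) or re.match(r"[A-Za-z]:[\\/]", value)
    return "${workspaceFolder}" in value or not absolute

def risky_workspace_settings(settings_text):
    """Return (key, value, in_repo) for string settings that name an executable."""
    settings = json.loads(strip_jsonc_comments(settings_text))
    return [(k, v, in_repo(v)) for k, v in settings.items()
            if isinstance(v, str) and EXEC_KEY.search(k)]
```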