This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

dont load .gdbinit if it is world writable


attached patch checks to see if the $PWD/.gdbinit file is world writable and 
if so, warn about this and refuse to load it

idea being that since you can execute just about anything in it, you dont want 
random people inserting this in it

of course, the usefulness of this is marginalized if .gdbinit is owned by a 
diff user and they just make it world readable but not world writable ... but 
i dont think a cwdbuf.st_uid == getuid() would be accepted ?
-mike

Attachment: pgp00000.pgp
Description: PGP signature

2007-03-04  Mike Frysinger  <vapier@gentoo.org>

	* main.c: Check if .gdbinit is world writable.

--- main.c	9 Jan 2007 21:34:29 -0000	1.62
+++ main.c	4 Mar 2007 22:59:00 -0000
@@ -763,7 +763,14 @@ extern int gdbtk_test (char *);
       || memcmp ((char *) &homebuf, (char *) &cwdbuf, sizeof (struct stat)))
     if (!inhibit_gdbinit)
       {
-	catch_command_errors (source_script, gdbinit, 0, RETURN_MASK_ALL);
+	if (cwdbuf.st_mode & S_IWOTH)
+	  {
+	    warning (_("Refusing to load world writable gdbinit `%s'.\n"), gdbinit);
+	  }
+	else
+	  {
+	    catch_command_errors (source_script, gdbinit, 0, RETURN_MASK_ALL);
+	  }
       }
 
   for (i = 0; i < ncmd; i++)

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]