This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: dont load .gdbinit if it is world writable
- From: Daniel Jacobowitz <drow at false dot org>
- To: Mike Frysinger <vapier at gentoo dot org>
- Cc: gdb-patches at sourceware dot org
- Date: Sun, 4 Mar 2007 20:45:18 -0500
- Subject: Re: dont load .gdbinit if it is world writable
- References: <200703041808.04010.vapier@gentoo.org>
On Sun, Mar 04, 2007 at 06:08:02PM -0500, Mike Frysinger wrote:
> attached patch checks to see if the $PWD/.gdbinit file is world writable and
> if so, warn about this and refuse to load it
>
> idea being that since you can execute just about anything in it, you dont want
> random people inserting this in it
>
> of course, the usefulness of this is marginalized if .gdbinit is owned by a
> diff user and they just make it world readable but not world writable ... but
> i dont think a cwdbuf.st_uid == getuid() would be accepted ?
You can find my more thorough patch for this in the archives, from
late May 2006. There was some feedback (to be honest I completely
don't remember what it was) and I never got back to it. I think Red
Hat has a different patch for it in their RPMS, too.
--
Daniel Jacobowitz
CodeSourcery