This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: dont load .gdbinit if it is world writable

From: Daniel Jacobowitz <drow at false dot org>
To: Mike Frysinger <vapier at gentoo dot org>
Cc: gdb-patches at sourceware dot org
Date: Sun, 4 Mar 2007 20:45:18 -0500
Subject: Re: dont load .gdbinit if it is world writable
References: <200703041808.04010.vapier@gentoo.org>

On Sun, Mar 04, 2007 at 06:08:02PM -0500, Mike Frysinger wrote:
> attached patch checks to see if the $PWD/.gdbinit file is world writable and 
> if so, warn about this and refuse to load it
> 
> idea being that since you can execute just about anything in it, you dont want 
> random people inserting this in it
> 
> of course, the usefulness of this is marginalized if .gdbinit is owned by a 
> diff user and they just make it world readable but not world writable ... but 
> i dont think a cwdbuf.st_uid == getuid() would be accepted ?

You can find my more thorough patch for this in the archives, from
late May 2006.  There was some feedback (to be honest I completely
don't remember what it was) and I never got back to it.  I think Red
Hat has a different patch for it in their RPMS, too.

-- 
Daniel Jacobowitz
CodeSourcery

Follow-Ups:
- Re: dont load .gdbinit if it is world writable
  - From: Mike Frysinger

References:
- dont load .gdbinit if it is world writable
  - From: Mike Frysinger

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]