This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: dont load .gdbinit if it is world writable

From: Mike Frysinger <vapier at gentoo dot org>
To: Daniel Jacobowitz <drow at false dot org>
Cc: gdb-patches at sourceware dot org
Date: Sun, 4 Mar 2007 21:38:22 -0500
Subject: Re: dont load .gdbinit if it is world writable
References: <200703041808.04010.vapier@gentoo.org> <20070305014518.GA19865@caradoc.them.org>

On Sunday 04 March 2007, Daniel Jacobowitz wrote:
> On Sun, Mar 04, 2007 at 06:08:02PM -0500, Mike Frysinger wrote:
> > attached patch checks to see if the $PWD/.gdbinit file is world writable
> > and if so, warn about this and refuse to load it
> >
> > idea being that since you can execute just about anything in it, you dont
> > want random people inserting this in it
> >
> > of course, the usefulness of this is marginalized if .gdbinit is owned by
> > a diff user and they just make it world readable but not world writable
> > ... but i dont think a cwdbuf.st_uid == getuid() would be accepted ?
>
> You can find my more thorough patch for this in the archives, from
> late May 2006.  There was some feedback (to be honest I completely
> don't remember what it was) and I never got back to it.  I think Red
> Hat has a different patch for it in their RPMS, too.

ah i had searched but hadnt found that one since it dated so old (June 2005: 
RFC: Check permissions of .gdbinit files)

thanks for the pointer
-mike

Attachment: pgp00000.pgp
Description: PGP signature

References:
- dont load .gdbinit if it is world writable
  - From: Mike Frysinger
- Re: dont load .gdbinit if it is world writable
  - From: Daniel Jacobowitz

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]