This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
[snip]- catch_command_errors (source_script, home_gdbinit, 0, RETURN_MASK_ALL); + catch_command_errors (source_script, home_gdbinit, -1, RETURN_MASK_ALL);
I don't mind using -1 for from_tty here (especially if there is precedent :-)), but a #define/enum would be nicer. catch_command_errors has a limited API so overloading from_tty is a pragmatic tradeoff.
Maybe specify both separately or just have check_security instead of from_tty?
+ if (statbuf.st_uid != getuid ())
I wonder if you also need to watch for file owner == root (and not world writable). E.g. scripts like --with-system-gdbinit. That won't happen with the patch as is, but that feels like a high-level detail that this function shouldn't have to know about.
Trying to formalize, I think this is: 1) If the script is world-writable --> warn/query the user 2) If the script is group-writable --> warn/query 3) If the script is not owned by you or root --> warn/query
Then again, why not do this security check for system.gdbinit too?
Comments? Keith
ChangeLog 2010-11-29 Keith Seitz <keiths@redhat.com>
Based on work from Daniel Jacobowitz <dan@codesourcery.com> and Jeff Johnston <jjohnstn@redhat.com>: * cli/cli-cmds.h (source_script_with_security_check): New function. * cli/cli-cmds.c (source_script_with_security_check): Likewise. (find_and_open_script): Add SECURITY_CHECK parameter. Implement a basic security check of the script file before executing it. (source_script_with_search): Add SECURITY_CHECK parameter and pass it to find_and_open_script. (source_script): Update call to find_and_open_script, performing no security check of the file. (source_command): Likewise. (source_script_with_security_check): New function. * main.c (captured_main): When reading init files, use source_script_with_security_check. * python/py-auto-load.c (source_section_scripts): Update call to find_and_open_script, performing no security check.
doc/ChangeLog 2010-11-29 Keith Seitz <keiths@redhat.com>
* gdb.texinfo (Startup): Document security handling of .gdbinit files.
Attachment:
gdbinit-security-3.patch
Description: Text document
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |