This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.



Re: [patch] New set auto-load-local-gdbinit + disable it by default


On Tue, 24 Jan 2012 01:28:02 +0100, Stan Shebs wrote:
> From the tenor of the discussion, I get the impression of
> willingness to break longstanding development habits for most GNU
> folks in order to tick off a couple boxes on the security checklist.

This CVE is a result of my request to Red Hat security people to evaluate the
security risk of .gdbinit + PythonGDB + other issues being addressed.  Red Hat
security considers this behavior a valid risk and therefore they filed a CVE
for it.  This way I can reference that professionals consider this GDB behavior
risky and it is not just my false and unfounded opinion.


> Before making any specific changes, I think it would be prudent to
> ping all the groups that have their own .gdbinit files; if they're
> OK with the changes, then great. 

I do not find it acceptable to keep GDB insecure just because other projects
want it so.


> Otherwise I think there will be a
> flood of complaints, and possibly people distributing versions of
> GDB with the change reverted, which would defeat the purpose. :-)

I am fine that many people will want the old .gdbinit behavior; various settings
for it are being both implemented
	echo 'set auto-load-local-gdbinit on' >>~/.gdbinit
and further discussed.  But the users of .gdbinit
(a) should at least be warned that it is insecure in some cases;
(b) new users should no longer get used to this problematic behavior.


> I would imagine that the people who open tarballs from unknown
> sources and run GDB on the contents already know about -nx and -x,
> eh?

-nx is definitely not enough:

On Tue, 17 Jan 2012 18:48:39 +0100, Jan Kratochvil wrote:
# Now instead of just -nx one has to use also "set auto-load-scripts off",
# use -ex "file X" and -ex "core-file Y" instead of just X and Y to get that
# "set auto-load-scripts off" executed first,
# use beforehand -ex "set libthread-db-search-path /foo", OK, that may be enough
# if I did not miss anything else.

And I forgot in the paragraph above about JIT, which I have no idea how to
disable.


Thanks,
Jan
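The "-nx is not enough" checklist quoted above, assembled into a wrapper so the order of operations is explicit. This is an added example and not code from the thread or from GDB; the function name `safe_gdb`, the `SAFE_GDB_DRY_RUN` switch and the default trusted directory are assumptions. The GDB command names are the ones used in the thread (`set auto-load-scripts off`, `set libthread-db-search-path`), i.e. the GDB 7.4-era spelling.

```shell
#!/bin/sh
# Added example (not from the thread): launch GDB on an executable/core pair
# from an untrusted tree without letting anything in that tree run.
#
#   safe_gdb EXECUTABLE [COREFILE] [TRUSTED_THREAD_DB_DIR]
#
# The point made in the thread is ordering: -nx alone only skips the init
# files, and a plain "gdb X Y" loads X and Y *before* any -ex command runs,
# so an auto-load setting given afterwards is too late.  Hence the executable
# and core are loaded with -ex "file"/-ex "core-file" after the setting.
safe_gdb() {
    exe=$1
    core=$2
    tdb_path=${3:-/usr/lib}      # assumed default: a directory you trust

    set -- gdb -nx \
        -ex "set auto-load-scripts off" \
        -ex "set libthread-db-search-path $tdb_path" \
        -ex "file $exe"
    if [ -n "$core" ]; then
        set -- "$@" -ex "core-file $core"
    fi

    if [ -n "$SAFE_GDB_DRY_RUN" ]; then
        printf '%s\n' "$@"       # one argument per line, nothing executed
    else
        "$@"
    fi
}

# Constructed usage: show the command that would run, without needing gdb.
SAFE_GDB_DRY_RUN=1 safe_gdb ./a.out core.123
```

The thread itself notes this list is incomplete (JIT is not covered), so the wrapper reproduces only what the quoted paragraph names. On GDB 7.5 and later a single `set auto-load off` switches every auto-load mechanism off at once and can be added as the first `-ex` in the same position.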

