From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-39879-listarch-gdb-patches=sources.redhat.com@sources.redhat.com>
Received: (qmail 7948 invoked by alias); 11 Jun 2005 22:35:30 -0000
Mailing-List: contact gdb-patches-help@sources.redhat.com; run by ezmlm
Precedence: bulk
List-Subscribe: <mailto:gdb-patches-subscribe@sources.redhat.com>
List-Archive: <http://sources.redhat.com/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sources.redhat.com>
List-Help: <mailto:gdb-patches-help@sources.redhat.com>, <http://sources.redhat.com/ml/#faqs>
Sender: gdb-patches-owner@sources.redhat.com
Received: (qmail 7929 invoked by uid 22791); 11 Jun 2005 22:35:25 -0000
Received: from sibelius.xs4all.nl (HELO sibelius.xs4all.nl) (82.92.89.47)
    by sourceware.org (qpsmtpd/0.30-dev) with ESMTP; Sat, 11 Jun 2005 22:35:25 +0000
Received: from elgar.sibelius.xs4all.nl (root@elgar.sibelius.xs4all.nl [192.168.0.2])
	by sibelius.xs4all.nl (8.13.0/8.13.0) with ESMTP id j5BMZH8m015018;
	Sun, 12 Jun 2005 00:35:17 +0200 (CEST)
Received: from elgar.sibelius.xs4all.nl (kettenis@localhost.sibelius.xs4all.nl [127.0.0.1])
	by elgar.sibelius.xs4all.nl (8.13.4/8.13.3) with ESMTP id j5BMZGTn021061;
	Sun, 12 Jun 2005 00:35:16 +0200 (CEST)
Received: (from kettenis@localhost)
	by elgar.sibelius.xs4all.nl (8.13.4/8.13.4/Submit) id j5BMZGvC014097;
	Sun, 12 Jun 2005 00:35:16 +0200 (CEST)
Date: Sat, 11 Jun 2005 22:35:00 -0000
Message-Id: <200506112235.j5BMZGvC014097@elgar.sibelius.xs4all.nl>
From: Mark Kettenis <mark.kettenis@xs4all.nl>
To: drow@false.org
CC: gdb-patches@sourceware.org
In-reply-to: <20050530185201.GA29332@nevyn.them.org> (message from Daniel
	Jacobowitz on Mon, 30 May 2005 14:52:01 -0400)
Subject: Re: RFC: Check permissions of .gdbinit files
References:  <20050530185201.GA29332@nevyn.them.org>
X-SW-Source: 2005-06/txt/msg00112.txt.bz2

   Date: Mon, 30 May 2005 14:52:01 -0400
   From: Daniel Jacobowitz <drow@false.org>

   Gentoo recently published a security update for GDB, citing the fact that
   GDB would load .gdbinit from the current directory even if that was owned by
   another user.  I'm not sure how I feel about running GDB in an untrusted
   directory or on untrusted binaries and expecting it to behave sensibly, but
   this particular issue is easy to fix.  Here's my suggested fix; it's not the
   same as Gentoo's.  If .gdbinit is world writable or owned by a different
   user, refuse to open it (and warn the user).

   Anyone have opinions on this change?

What does vi do with respect to .exrc?  It might make sense to follow
its example.

Mark