From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-47896-listarch-gdb-patches=sources.redhat.com@sourceware.org>
Received: (qmail 25423 invoked by alias); 4 Mar 2007 23:08:10 -0000
Received: (qmail 25412 invoked by uid 22791); 4 Mar 2007 23:08:09 -0000
X-Spam-Check-By: sourceware.org
Received: from smtp.gentoo.org (HELO smtp.gentoo.org) (140.211.166.183)     by sourceware.org (qpsmtpd/0.31) with ESMTP; Sun, 04 Mar 2007 23:08:08 +0000
Received: from home.wh0rd.org (pool-151-203-5-76.bos.east.verizon.net [151.203.5.76]) 	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) 	(No client certificate requested) 	by smtp.gentoo.org (Postfix) with ESMTP id 6B0976468C 	for <gdb-patches@sourceware.org>; Sun,  4 Mar 2007 23:08:05 +0000 (UTC)
Received: (qmail 29250 invoked from network); 4 Mar 2007 17:55:58 -0500
Received: from unknown (HELO vapier) (192.168.0.2)   by 192.168.0.1 with SMTP; 4 Mar 2007 17:55:58 -0500
From: Mike Frysinger <vapier@gentoo.org>
To: gdb-patches@sourceware.org
Subject: dont load .gdbinit if it is world writable
Date: Sun, 04 Mar 2007 23:08:00 -0000
User-Agent: KMail/1.9.6
MIME-Version: 1.0
Content-Type: Multipart/Mixed;   boundary="Boundary-00=_UF16FNLDZvKw4ja"
Message-Id: <200703041808.04010.vapier@gentoo.org>
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
X-SW-Source: 2007-03/txt/msg00027.txt.bz2


--Boundary-00=_UF16FNLDZvKw4ja
Content-Type: multipart/signed;
  boundary="nextPart1498433.dU6TXYWAb0";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit


--nextPart1498433.dU6TXYWAb0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Content-length: 483

attached patch checks to see if the $PWD/.gdbinit file is world writable an=
d=20
if so, warn about this and refuse to load it

idea being that since you can execute just about anything in it, you dont w=
ant=20
random people inserting this in it

of course, the usefulness of this is marginalized if .gdbinit is owned by a=
=20
diff user and they just make it world readable but not world writable ... b=
ut=20
i dont think a cwdbuf.st_uid =3D=3D getuid() would be accepted ?
-mike

--nextPart1498433.dU6TXYWAb0
Content-Type: application/pgp-signature
Content-length: 827

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.2 (GNU/Linux)

iQIVAwUARetRU0FjO5/oN/WBAQKNJhAArP/BdtLjRWOgK9wJwC74xkbTn10pd61O
XVmforDbLOi5sk4uJNtyMs2yeiTBvg7MYce2qQS8W9WjpVF3L3RQNipeHC8O7O8N
T0J4n9fsw1O0US/crBBZTqsLoSoxWijWv3joIF7jBJPuVsnAos5fWvx20vbb2A6E
bQ6gz3ymkI341bjB72rYLEYG6lT2B2GGn9hbaSMiDIW33EWbGXMLDT/WFgLWzFco
6VVubljbzcPsrUKEjHor88VDkNtWSGP5j1SNxGzulAXA0gEeH+Ux2fWW7q1KiVPh
mfofN7cMKpd9UKf/OEihr/2MDYobicYFM9WvYMaYHgGA3NOBwT2GyWUlxugEqOfz
nzGVLt05mBvbiLndSC1HSQmcmz0Db+CU7TWdZWGB9XmbzDrb+hgHXRJa2VdJ8tMm
yFftJV0RneeFtPuHxQhoLz5pWVnF7d0h8HERBp08UD5rnE94OdAw9iCqPTLQKBep
H1ujIC1alyGzryMjpjoCkPzY1t+yTUFG2gbwKre7j6F45XSX0ekI5lgAQGnutgzs
kgkg2zHCKrmiVlZfvuLhJUKYMjl8H3TlaIvvM1Kl40aSDxEBoYv3MDp6QXueSxpV
dtvrq039MMg6xwVmbkqlHt4+RpbNEy1SaXft6XfqVt1qr3rkEvMZJsdvBpXwzJdY
LpReVLJs/Uo=
=4kyN
-----END PGP SIGNATURE-----

--nextPart1498433.dU6TXYWAb0--

--Boundary-00=_UF16FNLDZvKw4ja
Content-Type: text/x-diff;
  charset="us-ascii";
  name="gdb-dont-load-world-writable-gdbinit.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline;
	filename="gdb-dont-load-world-writable-gdbinit.patch"
Content-length: 677

2007-03-04  Mike Frysinger  <vapier@gentoo.org>

	* main.c: Check if .gdbinit is world writable.

--- main.c	9 Jan 2007 21:34:29 -0000	1.62
+++ main.c	4 Mar 2007 22:59:00 -0000
@@ -763,7 +763,14 @@ extern int gdbtk_test (char *);
       || memcmp ((char *) &homebuf, (char *) &cwdbuf, sizeof (struct stat)=
))
     if (!inhibit_gdbinit)
       {
-	catch_command_errors (source_script, gdbinit, 0, RETURN_MASK_ALL);
+	if (cwdbuf.st_mode & S_IWOTH)
+	  {
+	    warning (_("Refusing to load world writable gdbinit `%s'.\n"), gdbini=
t);
+	  }
+	else
+	  {
+	    catch_command_errors (source_script, gdbinit, 0, RETURN_MASK_ALL);
+	  }
       }
=20
   for (i =3D 0; i < ncmd; i++)

--Boundary-00=_UF16FNLDZvKw4ja--