From: Mike Frysinger
To: Daniel Jacobowitz
Cc: gdb-patches@sourceware.org
Subject: Re: dont load .gdbinit if it is world writable
Date: Mon, 05 Mar 2007 02:38:00 -0000
Message-Id: <200703042138.23624.vapier@gentoo.org>

On Sunday 04 March 2007, Daniel Jacobowitz wrote:
> On Sun, Mar 04, 2007 at 06:08:02PM -0500, Mike Frysinger wrote:
> > attached patch checks to see if the $PWD/.gdbinit file is world writable
> > and if so, warn about this and refuse to load it
> >
> > idea being that since you can execute just about anything in it, you don't
> > want random people inserting this in it
> >
> > of course, the usefulness of this is marginalized if .gdbinit is owned by
> > a diff user and they just make it world readable but not world writable
> > ... but i don't think a cwdbuf.st_uid == getuid() would be accepted ?
>
> You can find my more thorough patch for this in the archives, from
> late May 2006. There was some feedback (to be honest I completely
> don't remember what it was) and I never got back to it. I think Red
> Hat has a different patch for it in their RPMS, too.

ah i had searched but hadn't found that one since it dated so old (June 2005:
RFC: Check permissions of .gdbinit files)

thanks for the pointer
-mike
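
The two checks discussed in this thread (refusing a world-writable .gdbinit, and the st_uid == getuid() ownership test), as an added example that is not part of the original message and is not GDB's code or either patch mentioned. All function and verdict names are hypothetical, and the sample file and metadata are constructed.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Verdict names are hypothetical, not GDB's. */
enum verdict { INIT_OK, INIT_WORLD_WRITABLE, INIT_FOREIGN_OWNER, INIT_UNUSABLE };

/* Policy on metadata alone, so it can be exercised without a second account. */
enum verdict classify(const struct stat *st, uid_t me) {
    if (!S_ISREG(st->st_mode)) return INIT_UNUSABLE;
    if (st->st_mode & S_IWOTH) return INIT_WORLD_WRITABLE; /* check from the message */
    if (st->st_uid != me) return INIT_FOREIGN_OWNER;       /* st_uid == getuid() idea */
    return INIT_OK;
}

/* fstat() the opened descriptor so the file checked is the file later read. */
enum verdict check_init_file(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return INIT_UNUSABLE;
    enum verdict v = fstat(fd, &st) == 0 ? classify(&st, getuid()) : INIT_UNUSABLE;
    close(fd);
    return v;
}

/* Constructed metadata: a regular file with mode `perms` owned by `owner`. */
enum verdict verdict_for(mode_t perms, uid_t owner, uid_t me) {
    struct stat st = { .st_mode = S_IFREG | perms, .st_uid = owner };
    return classify(&st, me);
}
/* Constructed sample file: a temporary file owned by the caller. */
enum verdict verdict_for_temp_file(mode_t perms) {
    char path[] = "/tmp/gdbinit-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return INIT_UNUSABLE;
    fchmod(fd, perms);
    close(fd);
    enum verdict v = check_init_file(path);
    unlink(path);
    return v;
}

int main(void) {
    printf("0644: %d  0666: %d\n", verdict_for_temp_file(0644), verdict_for_temp_file(0666));
    return 0;
}
```

The ownership test covers the case raised in the message, where a file owned by a different user is readable but not world-writable and so passes the mode check alone.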