From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 15216 invoked by alias); 5 Mar 2007 01:45:24 -0000 Received: (qmail 15207 invoked by uid 22791); 5 Mar 2007 01:45:24 -0000 X-Spam-Check-By: sourceware.org Received: from nevyn.them.org (HELO nevyn.them.org) (66.93.172.17) by sourceware.org (qpsmtpd/0.31.1) with ESMTP; Mon, 05 Mar 2007 01:45:22 +0000 Received: from dsl093-172-095.pit1.dsl.speakeasy.net ([66.93.172.95] helo=caradoc.them.org) by nevyn.them.org with esmtp (Exim 4.63) (envelope-from ) id 1HO2GN-00019U-9Y; Sun, 04 Mar 2007 20:45:19 -0500 Received: from drow by caradoc.them.org with local (Exim 4.63) (envelope-from ) id 1HO2GM-0005B8-W6; Sun, 04 Mar 2007 20:45:18 -0500 Date: Mon, 05 Mar 2007 01:45:00 -0000 From: Daniel Jacobowitz To: Mike Frysinger Cc: gdb-patches@sourceware.org Subject: Re: dont load .gdbinit if it is world writable Message-ID: <20070305014518.GA19865@caradoc.them.org> Mail-Followup-To: Mike Frysinger , gdb-patches@sourceware.org References: <200703041808.04010.vapier@gentoo.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200703041808.04010.vapier@gentoo.org> User-Agent: Mutt/1.5.13 (2006-08-11) X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2007-03/txt/msg00030.txt.bz2 On Sun, Mar 04, 2007 at 06:08:02PM -0500, Mike Frysinger wrote: > attached patch checks to see if the $PWD/.gdbinit file is world writable and > if so, warn about this and refuse to load it > > idea being that since you can execute just about anything in it, you dont want > random people inserting this in it > > of course, the usefulness of this is marginalized if .gdbinit is owned by a > diff user and they just make it world readable but not world writable ... but > i dont think a cwdbuf.st_uid == getuid() would be accepted ? You can find my more thorough patch for this in the archives, from late May 2006. There was some feedback (to be honest I completely don't remember what it was) and I never got back to it. I think Red Hat has a different patch for it in their RPMS, too. -- Daniel Jacobowitz CodeSourcery