From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 27373 invoked by alias); 17 Jan 2012 18:43:08 -0000 Received: (qmail 27191 invoked by uid 22791); 17 Jan 2012 18:43:06 -0000 X-SWARE-Spam-Status: No, hits=-6.0 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SARE_LWSHORTT,SPF_HELO_PASS,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 17 Jan 2012 18:42:51 +0000 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q0HIgoJS017184 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 17 Jan 2012 13:42:50 -0500 Received: from host2.jankratochvil.net (ovpn-116-21.ams2.redhat.com [10.36.116.21]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id q0HIgiUB018519 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 17 Jan 2012 13:42:47 -0500 Date: Tue, 17 Jan 2012 18:44:00 -0000 From: Jan Kratochvil To: Doug Evans Cc: gdb-patches@sourceware.org Subject: Re: [patch] New set auto-load-local-gdbinit + disable it by default Message-ID: <20120117184244.GA13988@host2.jankratochvil.net> References: <20120117095552.GA6141@host2.jankratochvil.net> <20120117162621.GA3883@host2.jankratochvil.net> <20120117165640.GB5344@host2.jankratochvil.net> <20120117174839.GA8459@host2.jankratochvil.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2012-01/txt/msg00616.txt.bz2 On Tue, 17 Jan 2012 19:29:04 +0100, Doug Evans wrote: > > It is difficult to argue myself but IMO in a survey between GDB newbies they > > find easier if GDB behaves always the same than if it behaves differently > > according to which program you load into it. > > Which survey is that? Is it online? Unfortunately I do not know about any. I was just guessing results of a hypothetical survey. Sorry for being unclear. > [And I'm curious once they understand what's going on, what do they prefer. > Every new thing involves a bit of a learning curve ... If anything requires a needless learning curve it will be changed. > I'd be curious to know what the long term cost/benefit is for these newbies > in addition to just the short term ... Once they understand it, do they > prefer it?] They do not need to understand it. They just already use and develop other debuggers. > Script it. If you prefer it in FSF GDB as a script I am can code it that way. > Too complicated how? I find (a) Extract first and second argument in shell, that will be several lines of code. (b) exec gdb -nx -x /etc/gdbinit -x ~/.gdbinit -ex "set auto-load-scripts off" -ex "set libthread-db-search-path" -ex "file $file -ex "core-file $corefile" "$@" as more complicated than gdb -secure "$@" Don't you? > Write the script once and you're done. > If we had a contrib-like directory we could even ship one with gdb. I have to ship it anyway so either Fedora + Red Hat will have to fork again or it needs to be shipped with gdb. It is a normal task of developers to analyze shipped crashes/binaries. > Are we sure we want to claim to the user community -safe is, umm, safe? > It seems like we're a fair ways from being ready to claim it, setting > aside auto-loading. If we are not ready for -safe then we should not. I am aware of DWARF reading unhandled run-offs but that is AFAIK only DoS category of exploit. Are you aware of any new exploits? This Python/libthread_db is CVE-2011-4355. Thanks, Jan