From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 14834 invoked by alias); 18 Jan 2012 04:00:15 -0000 Received: (qmail 14824 invoked by uid 22791); 18 Jan 2012 04:00:14 -0000 X-SWARE-Spam-Status: No, hits=-2.0 required=5.0 tests=AWL,BAYES_00 X-Spam-Check-By: sourceware.org Received: from rock.gnat.com (HELO rock.gnat.com) (205.232.38.15) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Wed, 18 Jan 2012 04:00:01 +0000 Received: from localhost (localhost.localdomain [127.0.0.1]) by filtered-rock.gnat.com (Postfix) with ESMTP id 7C9C22BB086; Tue, 17 Jan 2012 23:00:00 -0500 (EST) Received: from rock.gnat.com ([127.0.0.1]) by localhost (rock.gnat.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id c4tYClbSb3YW; Tue, 17 Jan 2012 23:00:00 -0500 (EST) Received: from joel.gnat.com (localhost.localdomain [127.0.0.1]) by rock.gnat.com (Postfix) with ESMTP id DD65E2BB057; Tue, 17 Jan 2012 22:59:59 -0500 (EST) Received: by joel.gnat.com (Postfix, from userid 1000) id 617DA145615; Wed, 18 Jan 2012 07:59:27 +0400 (RET) Date: Wed, 18 Jan 2012 04:26:00 -0000 From: Joel Brobecker To: Tom Tromey Cc: Eli Zaretskii , jan.kratochvil@redhat.com, dje@google.com, gdb-patches@sourceware.org Subject: Re: [patch] New set auto-load-local-gdbinit + disable it by default Message-ID: <20120118035927.GY31383@adacore.com> References: <20120117095552.GA6141@host2.jankratochvil.net> <20120117162621.GA3883@host2.jankratochvil.net> <837h0q5i4u.fsf@gnu.org> <20120117175957.GA9415@host2.jankratochvil.net> <83ty3u3uj1.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2012-01/txt/msg00658.txt.bz2 It's become really hard, at least for me, to focus on this discussion. We started from discussing about the local .gdbinit file to everything auto-loaded is unsafe. I see why the latter was discussed, and how it was useful, so this is not a criticism. After having read everyone's emails so far, my stance on this is: . About reading the .gdbinit file in the current directory: It's a question of how seriously the security weakness should be taken. I confess I have a hard time taking them seriously, but I know I am probably too naive. This is a feature that I could personally live without, and therefore will not oppose its removal. I would like to propose the following, however, to help the users who want to continue relying on it. I am happy to implement it if necessary: Provide a new command that would read the .gdbinit file in the current working directory if present, and do nothing otherwise. I would like to provide options that select between loading silently, and loading with a warning first, and why not, asking before loading. The idea is that the user who would like to preserve the old behavior can put that command in his $HOME/.gdbinit file. . To me, it is extremely important that system-gdbinit is still automatically loaded. The system gdbinit file is there to help the user setup his debugging session. It should be considered as trusted, and I oppose a change that would stop is automatic loading. The language is strong, but it does not mean that I have veto right - so if I am outvoted, so be it. . About the auto-loading of Python code: I think that the cost of removing the auto-loading, even if it is only for non-trusted directories, would be too high. I would prefer if it discussed this separately after the .gdbinit issue has been resolved. -- Joel