Date: Tue, 24 Jan 2012 15:54:00 -0000
From: Jan Kratochvil
To: Stan Shebs
Cc: gdb-patches@sourceware.org
Subject: Re: [patch] New set auto-load-local-gdbinit + disable it by default
Message-ID: <20120124151744.GA30630@host2.jankratochvil.net>
References: <20120117095552.GA6141@host2.jankratochvil.net> <4F1DFB12.6060009@earthlink.net>
In-Reply-To: <4F1DFB12.6060009@earthlink.net>

On Tue, 24 Jan 2012 01:28:02 +0100, Stan Shebs wrote:
> From the tenor of the discussion, I get the impression of
> willingness to break longstanding development habits for most GNU
> folks in order to tick off a couple boxes on the security checklist.

This CVE is a result of my request to Red Hat security people to evaluate the
security risk of .gdbinit + PythonGDB + other issues being addressed.  Red Hat
security considers this behavior a valid risk and therefore they filed a CVE
for it.  This way I can reference that professionals consider this GDB
behavior risky and that it is not just my false and unfounded opinion.

> Before making any specific changes, I think it would be prudent to
> ping all the groups that have their own .gdbinit files; if they're
> OK with the changes, then great.

I do not find it acceptable to keep GDB insecure just because other projects
want it so.

> Otherwise I think there will be a
> flood of complaints, and possibly people distributing versions of
> GDB with the change reverted, which would defeat the purpose. :-)

I am fine that many people will want the old .gdbinit behavior; various
settings for it are both being implemented
	echo 'set auto-load-local-gdbinit on' >>~/.gdbinit
and further discussed.  But the users of .gdbinit (a) should be at least
warned it is insecure in some cases, and (b) new users should no longer get
used to this problematic behavior.

> I would imagine that the people who open tarballs from unknown
> sources and run GDB on the contents already know about -nx and -x,
> eh?

-nx is definitely not enough:

On Tue, 17 Jan 2012 18:48:39 +0100, Jan Kratochvil wrote:
# Now instead of just -nx one has to use also "set auto-load-scripts off",
# use -ex "file X" and -ex "core-file Y" instead of just X and Y to get that
# "set auto-load-scripts off" executed first,
# use beforehand -ex "set libthread-db-search-path /foo", OK, that may be enough
# if I did not miss anything else.

And I forgot in the paragraph above about JIT, which I have no idea how to
disable.

Thanks,
Jan
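An added check, not part of the thread above: a shell function that lists the files in an unpacked directory that GDB may auto-load when a file from it is debugged, so they can be reviewed before running GDB with auto-loading disabled. The file name patterns (a local .gdbinit, and per-objfile scripts named objfile-gdb.py / objfile-gdb.gdb) are assumed from GDB's auto-load conventions; the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): find files under a directory that
# GDB may auto-load.  Assumed patterns: a local .gdbinit, and per-objfile
# scripts named <objfile>-gdb.py or <objfile>-gdb.gdb next to the objfile.
list_gdb_autoload_files() {
    dir=${1:-.}
    find "$dir" -type f \
        \( -name .gdbinit -o -name '*-gdb.py' -o -name '*-gdb.gdb' \) \
        2>/dev/null | sort
}

# Number of auto-loadable files found; 0 means nothing to review.
count_gdb_autoload_files() {
    list_gdb_autoload_files "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: a local .gdbinit at the top level, one
# per-objfile Python script in build/, and an unrelated source file.
# Prints the directory path so callers can inspect and remove it.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/src" "$d/build"
    printf 'set pagination off\n' > "$d/.gdbinit"
    printf 'import gdb\n' > "$d/build/libfoo.so-gdb.py"
    printf 'int main(void) { return 0; }\n' > "$d/src/main.c"
    printf '%s' "$d"
}
```

Run `list_gdb_autoload_files <dir>` on an unpacked tarball before debugging anything from it; an empty list means GDB has nothing in that tree to auto-load.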