Date: Mon, 23 Apr 2012 04:53:00 -0000
From: Jan Kratochvil
To: Doug Evans
Cc: gdb-patches@sourceware.org
Subject: Re: [patch] auto-load safe-path reset back by set ""
Message-ID: <20120423023734.GA23871@host2.jankratochvil.net>
References: <20120422165128.GA21820@host2.jankratochvil.net>

On Sun, 22 Apr 2012 23:26:16 +0200, Doug Evans wrote:
> A thought occurred to me regarding the default value of auto-load-path
> = ${prefix}.
> For a typical value of /usr, it doesn't give as much protection as it could.
> E.g. /usr/tmp, /usr/local/tmp

I never noticed /usr/tmp, this is a real problem.

> (or possibly anything in /usr/local).

This should not be a problem, /usr/local has superuser-only write permissions.

> So I was wondering if we really want security to be on by default,

I do not think it is so important for custom GDB builds and neither for
Fedora/RHEL when I can set it up properly but I have some doubts distros in
general will set it at all if the default will remain insecure.

> should the default value be gdb's data-directory (e.g.,
> $prefix/share/gdb) + $exec_prefix/lib{,32,64} + ???

I was thinking about making the default '$prefix:-$prefix/tmp' (sure with
a new GDB feature to remove safety from sub-trees by '-'). But you are right
$prefix/share/gdb may be enough as packages use / should use
$prefix/share/gdb/auto-load/ for their *-gdb.py hooks. In such case I do not
know why to add also that $exec_prefix/lib{,32,64} + ???.

> Plus, it seems like at least data-directory should be relocatable.
> Implementing this might be cumbersome unless data-directory was
> represented as something like "$ddir". Or maybe represent $prefix as
> $pdir, etc.. There is precedent. Whether to apply that here - I'm
> just raising the issue, I'm not sure myself.

$pdir from libthread-db-search-path is different, it should not be overloaded
to a different meaning here. But $ddir for data-directory looks correct to me.

Thanks,
Jan
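
An added example, not part of the original message and not GDB's code: a Python audit that lists world-writable directories reachable under a candidate safe-path root, which is the /usr/tmp concern discussed above. The function names and the temporary demo tree are constructed for illustration; the symlinked tmp directory is an assumed layout.

```python
import os
import stat
import tempfile


def world_writable_dirs(root):
    """Return dirs at or below root that any local user can write into."""
    found, seen, stack = [], set(), [root]
    while stack:
        path = stack.pop()
        try:
            st = os.stat(path)  # follows symlinks, e.g. a tmp link leaving the tree
        except OSError:
            continue
        if not stat.S_ISDIR(st.st_mode) or (st.st_dev, st.st_ino) in seen:
            continue
        seen.add((st.st_dev, st.st_ino))
        if st.st_mode & stat.S_IWOTH:
            # The sticky bit does not help: anyone may still create new files.
            found.append(path)
            continue  # everything below is equally untrusted
        try:
            stack.extend(os.path.join(path, e) for e in os.listdir(path))
        except OSError:
            pass
    return sorted(found)


def build_demo_tree():
    """Constructed sample layout standing in for a /usr-style $prefix."""
    prefix = tempfile.mkdtemp()
    for sub in ("share/gdb/auto-load", "lib", "local", "tmp"):
        os.makedirs(os.path.join(prefix, sub))
    for dirpath, _, _ in os.walk(prefix):
        os.chmod(dirpath, 0o755)                    # independent of the umask
    os.chmod(os.path.join(prefix, "tmp"), 0o1777)   # stands in for /usr/tmp
    outside = tempfile.mkdtemp()
    os.chmod(outside, 0o1777)
    # Stands in for /usr/local/tmp, here as a symlink out of the tree.
    os.symlink(outside, os.path.join(prefix, "local", "tmp"))
    return prefix


if __name__ == "__main__":
    prefix = build_demo_tree()
    for candidate in (prefix, os.path.join(prefix, "share", "gdb")):
        print(candidate, "->", world_writable_dirs(candidate) or "clean")
```

Run against a real installation, an empty result for a candidate root means no directory under it accepts files from arbitrary local users.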