[patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Jan Kratochvil]

Hi,

Doug has suggested using for auto-load safe-path $ddir representing
$prefix/share/gdb as current $prefix is still insecure due to $prefix/tmp
(such as /usr/tmp).
	Re: [patch] auto-load safe-path reset back by set ""
	http://sourceware.org/ml/gdb-patches/2012-04/msg00724.html

I had some concerns about relocatability of auto-load safe-path.  Currently it
is not relocatable but that seems to be a bug.  With $ddir it should no longer
be needed as data-directory itself is relocated.

I am sorry I have made a bit "kitchen sink" from it, such as some rename and
new docs.  I find it all just to be fix ups of the already checked-in
auto-load patchset.

No regressions on {x86_64,x86_64-m32,i686}-fedora17-linux-gnu.


Thanks,
Jan


gdb/
2012-05-09  Jan Kratochvil  <jan.kratochvil@redhat.com>

	Provide $ddir substitution for --with-auto-load-safe-path.
	* NEWS (--with-auto-load-safe-path, --without-auto-load-safe-path): New
	entries.
	* auto-load.c: Include observer.h.
	(auto_load_safe_path_vec_update): Call substitute_path_component for
	each component.  New variable ddir_subst.
	(auto_load_gdb_datadir_changed): New function.
	(set_auto_load_safe_path): Rename DEFAULT_AUTO_LOAD_SAFE_PATH to
	AUTO_LOAD_SAFE_PATH.  New comment.
	(_initialize_auto_load): Rename DEFAULT_AUTO_LOAD_SAFE_PATH to
	AUTO_LOAD_SAFE_PATH.  Install auto_load_gdb_datadir_changed.
	* config.in: Regenerate.
	* configure: Regenerate.
	* configure.ac (--auto-load-safe-path): Rename
	DEFAULT_AUTO_LOAD_SAFE_PATH to AUTO_LOAD_SAFE_PATH.  Default to
	GDB_DATADIR/auto-load.
	* defs.h (substitute_path_component): New declaration.
	* top.c: Include observer.h.
	(set_gdb_datadir): New function.
	(init_main): Install it for "set data-directory".
	* utils.c (substitute_path_component): New function.

gdb/doc/
2012-05-09  Jan Kratochvil  <jan.kratochvil@redhat.com>

	Provide $ddir substitution for --with-auto-load-safe-path.
	* gdb.texinfo (Auto-loading): Replace /usr/local by $ddir/auto-load.
	(Auto-loading safe path): Likewise.  Mention the default value,
	$ddir substitution, --with-auto-load-safe-path and
	--without-auto-load-safe-path.
	* observer.texi (gdb_datadir_changed): New.

--- a/gdb/NEWS
+++ b/gdb/NEWS
@@ -181,6 +181,17 @@ set debug auto-load on|off
 show debug auto-load
   Control display of debugging info for auto-loading the files above.
 
+* New configure options
+
+--with-auto-load-safe-path
+  Configure default value for the 'set auto-load safe-path' setting
+  above.  It defaults to '$ddir/auto-load', $ddir representing the value
+  of configure option --with-gdb-datadir.
+
+--without-auto-load-safe-path
+  Set 'set auto-load safe-path' to '/', effectively disabling this
+  security feature.
+
 * New remote packets
 
 z0/z1 conditional breakpoints extension
--- a/gdb/auto-load.c
+++ b/gdb/auto-load.c
@@ -35,6 +35,7 @@
 #include "gdb_vecs.h"
 #include "readline/tilde.h"
 #include "completer.h"
+#include "observer.h"
 
 /* The suffix of per-objfile scripts to auto-load as non-Python command files.
    E.g. When the program loads libfoo.so, look for libfoo-gdb.gdb.  */
@@ -141,10 +142,16 @@ auto_load_safe_path_vec_update (void)
   for (ix = 0; ix < len; ix++)
     {
       char *dir = VEC_index (char_ptr, auto_load_safe_path_vec, ix);
-      char *expanded = tilde_expand (dir);
-      char *real_path = gdb_realpath (expanded);
+      char *ddir_subst, *expanded, *real_path;
+
+      ddir_subst = xstrdup (dir);
+      substitute_path_component (&ddir_subst, "$ddir", gdb_datadir);
+      expanded = tilde_expand (ddir_subst);
+      xfree (ddir_subst);
+      real_path = gdb_realpath (expanded);
 
-      /* Ensure the current entry is at least tilde_expand-ed.  */
+      /* Ensure the current entry is at least a valid path (therefore
+	 $ddir-expanded and tilde-expanded).  */
       VEC_replace (char_ptr, auto_load_safe_path_vec, ix, expanded);
 
       if (debug_auto_load)
@@ -176,15 +183,24 @@ auto_load_safe_path_vec_update (void)
     }
 }
 
+/* Variable gdb_datadir has been set.  Update content depending on $ddir.  */
+
+static void
+auto_load_gdb_datadir_changed (void)
+{
+  auto_load_safe_path_vec_update ();
+}
+
 /* "set" command for the auto_load_safe_path configuration variable.  */
 
 static void
 set_auto_load_safe_path (char *args, int from_tty, struct cmd_list_element *c)
 {
+  /* Setting the variable to "" resets it to the compile time defaults.  */
   if (auto_load_safe_path[0] == '\0')
     {
       xfree (auto_load_safe_path);
-      auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH);
+      auto_load_safe_path = xstrdup (AUTO_LOAD_SAFE_PATH);
     }
 
   auto_load_safe_path_vec_update ();
@@ -1040,7 +1056,7 @@ This options has security implications for untrusted inferiors."),
 Usage: info auto-load local-gdbinit"),
 	   auto_load_info_cmdlist_get ());
 
-  auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH);
+  auto_load_safe_path = xstrdup (AUTO_LOAD_SAFE_PATH);
   auto_load_safe_path_vec_update ();
   add_setshow_optional_filename_cmd ("safe-path", class_support,
 				     &auto_load_safe_path, _("\
@@ -1058,6 +1074,7 @@ This options has security implications for untrusted inferiors."),
 				     show_auto_load_safe_path,
 				     auto_load_set_cmdlist_get (),
 				     auto_load_show_cmdlist_get ());
+  observer_attach_gdb_datadir_changed (auto_load_gdb_datadir_changed);
 
   cmd = add_cmd ("add-auto-load-safe-path", class_support,
 		 add_auto_load_safe_path,
--- a/gdb/config.in
+++ b/gdb/config.in
@@ -3,6 +3,9 @@
 /* Define if building universal (internal helper macro) */
 #undef AC_APPLE_UNIVERSAL_BUILD
 
+/* Directories safe to hold auto-loaded files. */
+#undef AUTO_LOAD_SAFE_PATH
+
 /* Directory of programs. */
 #undef BINDIR
 
@@ -24,9 +27,6 @@
    moved. */
 #undef DEBUGDIR_RELOCATABLE
 
-/* Directories safe to hold auto-loaded files. */
-#undef DEFAULT_AUTO_LOAD_SAFE_PATH
-
 /* Define to BFD's default architecture. */
 #undef DEFAULT_BFD_ARCH
 
--- a/gdb/configure
+++ b/gdb/configure
@@ -1486,7 +1486,8 @@ Optional Packages:
   --with-relocated-sources=PATH
                           automatically relocate this path for source files
   --with-auto-load-safe-path=PATH
-                          directories safe to hold auto-loaded files
+                          directories safe to hold auto-loaded files, use
+                          $ddir for --with-gdb-datadir path [$ddir/auto-load]
   --without-auto-load-safe-path
                           do not restrict auto-loaded files locations
   --with-libunwind-ia64   use libunwind frame unwinding for ia64 targets
@@ -4964,20 +4965,21 @@ $as_echo_n "checking for default auto-load safe-path... " >&6; }
 # Check whether --with-auto-load-safe-path was given.
 if test "${with_auto_load_safe_path+set}" = set; then :
   withval=$with_auto_load_safe_path; if test "$with_auto_load_safe_path" = "no"; then
-   with_auto_load_safe_path="/"
- fi
+     with_auto_load_safe_path="/"
+     fi
 else
-  with_auto_load_safe_path="$prefix"
+  with_auto_load_safe_path='$ddir/auto-load'
 fi
 
+escape_dir=`echo $with_auto_load_safe_path | sed 's/[$]ddir\>/\\\\\\\\\\\\&/g'`
 
   test "x$prefix" = xNONE && prefix="$ac_default_prefix"
   test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-  ac_define_dir=`eval echo $with_auto_load_safe_path`
+  ac_define_dir=`eval echo $escape_dir`
   ac_define_dir=`eval echo $ac_define_dir`
 
 cat >>confdefs.h <<_ACEOF
-#define DEFAULT_AUTO_LOAD_SAFE_PATH "$ac_define_dir"
+#define AUTO_LOAD_SAFE_PATH "$ac_define_dir"
 _ACEOF
 
 
--- a/gdb/configure.ac
+++ b/gdb/configure.ac
@@ -138,13 +138,16 @@ AS_HELP_STRING([--with-relocated-sources=PATH], [automatically relocate this pat
 
 AC_MSG_CHECKING([for default auto-load safe-path])
 AC_ARG_WITH(auto-load-safe-path,
-AS_HELP_STRING([--with-auto-load-safe-path=PATH], [directories safe to hold auto-loaded files])
-AS_HELP_STRING([--without-auto-load-safe-path], [do not restrict auto-loaded files locations]),
-[if test "$with_auto_load_safe_path" = "no"; then
-   with_auto_load_safe_path="/"
- fi],
-[with_auto_load_safe_path="$prefix"])
-AC_DEFINE_DIR(DEFAULT_AUTO_LOAD_SAFE_PATH, with_auto_load_safe_path,
+AS_HELP_STRING([--with-auto-load-safe-path=PATH],
+  [directories safe to hold auto-loaded files, use $ddir for --with-gdb-datadir path @<:@$ddir/auto-load@:>@])
+AS_HELP_STRING([--without-auto-load-safe-path],
+               [do not restrict auto-loaded files locations]),
+    [if test "$with_auto_load_safe_path" = "no"; then
+     with_auto_load_safe_path="/"
+     fi],
+[with_auto_load_safe_path='$ddir/auto-load'])
+escape_dir=`echo $with_auto_load_safe_path | sed 's/[[$]]ddir\>/\\\\\\\\\\\\&/g'`
+AC_DEFINE_DIR(AUTO_LOAD_SAFE_PATH, escape_dir,
 	      [Directories safe to hold auto-loaded files.])
 AC_MSG_RESULT([$with_auto_load_safe_path])
 
--- a/gdb/defs.h
+++ b/gdb/defs.h
@@ -381,6 +381,9 @@ extern struct cleanup *make_bpstat_clear_actions_cleanup (void);
 
 extern int producer_is_gcc_ge_4 (const char *producer);
 
+extern void substitute_path_component (char **stringp, const char *from,
+				       const char *to);
+
 #ifdef HAVE_WAITPID
 extern pid_t wait_to_die_with_timeout (pid_t pid, int *status, int timeout);
 #endif
--- a/gdb/doc/gdb.texinfo
+++ b/gdb/doc/gdb.texinfo
@@ -21007,7 +21007,7 @@ libthread-db:  Auto-loading of inferior specific libthread_db is on.
 local-gdbinit:  Auto-loading of .gdbinit script from current directory is on.
 python-scripts:  Auto-loading of Python scripts is on.
 safe-path:  List of directories from which it is safe to auto-load files
-            is /usr/local.
+            is $ddir/auto-load.
 @end smallexample
 
 @anchor{info auto-load}
@@ -21209,9 +21209,9 @@ get loaded:
 $ ./gdb -q ./gdb
 Reading symbols from /home/user/gdb/gdb...done.
 warning: File "/home/user/gdb/gdb-gdb.gdb" auto-loading has been
-         declined by your `auto-load safe-path' set to "/usr/local".
+         declined by your `auto-load safe-path' set to "$ddir/auto-load".
 warning: File "/home/user/gdb/gdb-gdb.py" auto-loading has been
-         declined by your `auto-load safe-path' set to "/usr/local".
+         declined by your `auto-load safe-path' set to "$ddir/auto-load".
 @end smallexample
 
 The list of trusted directories is controlled by the following commands:
@@ -21243,7 +21243,18 @@ loading and execution of scripts.  Multiple entries may be delimited by the
 host platform directory separator in use.
 @end table
 
-Setting this variable to @file{/} disables this security protection.
+This variable defaults to @file{$ddir/auto-load}.  The default @code{set
+auto-load safe-path} value can be also overriden by @value{GDBN} configuration
+option @option{--with-auto-load-safe-path}.
+
+Any used string @file{$ddir} will get replaced by @var{data-directory} which is
+determined at @value{GDBN} startup (@pxref{Data Files}).  @file{$ddir} must be
+be placed as a directory component - either alone or delimited by @file{/} or
+@file{\} directory separators, depending on the host platform.
+
+Setting this variable to @file{/} disables this security protection,
+corresponding @value{GDBN} configuration option is
+@option{--without-auto-load-safe-path}.
 This variable is supposed to be set to the system directories writable by the
 system superuser only.  Users can add their source directories in init files in
 their home directories (@pxref{Home Directory Init File}).  See also deprecated
--- a/gdb/doc/observer.texi
+++ b/gdb/doc/observer.texi
@@ -226,6 +226,10 @@ Called before a top-level prompt is displayed.  @var{current_prompt} is
 the current top-level prompt.
 @end deftypefun
 
+@deftypefun void gdb_datadir_changed (void)
+Variable gdb_datadir has been set.  The value may not necessarily change.
+@end deftypefun
+
 @deftypefun void test_notification (int @var{somearg})
 This observer is used for internal testing.  Do not use.  
 See testsuite/gdb.gdb/observer.exp.
--- a/gdb/top.c
+++ b/gdb/top.c
@@ -47,6 +47,7 @@
 #include "gdbthread.h"
 #include "python/python.h"
 #include "interps.h"
+#include "observer.h"
 
 /* readline include files.  */
 #include "readline/readline.h"
@@ -1559,6 +1560,15 @@ show_exec_done_display_p (struct ui_file *file, int from_tty,
 			    "asynchronous execution commands is %s.\n"),
 		    value);
 }
+
+/* "set" command for the gdb_datadir configuration variable.  */
+
+static void
+set_gdb_datadir (char *args, int from_tty, struct cmd_list_element *c)
+{
+  observer_notify_gdb_datadir_changed ();
+}
+
 static void
 init_main (void)
 {
@@ -1666,7 +1676,7 @@ Use \"on\" to enable the notification, and \"off\" to disable it."),
                            _("Show GDB's data directory."),
                            _("\
 When set, GDB uses the specified path to search for data files."),
-                           NULL, NULL,
+                           set_gdb_datadir, NULL,
                            &setlist,
                            &showlist);
 }
--- a/gdb/utils.c
+++ b/gdb/utils.c
@@ -3724,6 +3724,48 @@ dirnames_to_char_ptr_vec (const char *dirnames)
   return retval;
 }
 
+/* Substitute all occurences of string FROM by string TO in *STRINGP.  *STRINGP
+   must come from xrealloc-compatible allocator and it may be updated.  FROM
+   needs to be delimited by IS_DIR_SEPARATOR (or be located at the start or
+   end of *STRINGP.  */
+
+void
+substitute_path_component (char **stringp, const char *from, const char *to)
+{
+  char *string = *stringp, *s;
+  const size_t from_len = strlen (from);
+  const size_t to_len = strlen (to);
+
+  for (s = string;;)
+    {
+      s = strstr (s, from);
+      if (s == NULL)
+	break;
+
+      if ((s == string || IS_DIR_SEPARATOR (s[-1]))
+          && (s[from_len] == '\0' || IS_DIR_SEPARATOR (s[from_len])))
+	{
+	  char *string_new;
+
+	  string_new = xrealloc (string, (strlen (string) + to_len + 1));
+
+	  /* Relocate the current S pointer.  */
+	  s = s - string + string_new;
+	  string = string_new;
+
+	  /* Replace from by to.  */
+	  memmove (&s[to_len], &s[from_len], strlen (&s[from_len]) + 1);
+	  memcpy (s, to, to_len);
+
+	  s += to_len;
+	}
+      else
+	s++;
+    }
+
+  *stringp = string;
+}
+
 #ifdef HAVE_WAITPID
 
 #ifdef SIGALRM

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Eli Zaretskii]

> Date: Wed, 9 May 2012 17:46:40 +0200
> From: Jan Kratochvil <jan.kratochvil@redhat.com>
> 
> Doug has suggested using for auto-load safe-path $ddir representing
> $prefix/share/gdb as current $prefix is still insecure due to $prefix/tmp
> (such as /usr/tmp).
> 	Re: [patch] auto-load safe-path reset back by set ""
> 	http://sourceware.org/ml/gdb-patches/2012-04/msg00724.html
> 
> I had some concerns about relocatability of auto-load safe-path.  Currently it
> is not relocatable but that seems to be a bug.  With $ddir it should no longer
> be needed as data-directory itself is relocated.
> 
> I am sorry I have made a bit "kitchen sink" from it, such as some rename and
> new docs.  I find it all just to be fix ups of the already checked-in
> auto-load patchset.
> 
> No regressions on {x86_64,x86_64-m32,i686}-fedora17-linux-gnu.
> 
> 
> Thanks,
> Jan
> 
> 
> gdb/
> 2012-05-09  Jan Kratochvil  <jan.kratochvil@redhat.com>
> 
> 	Provide $ddir substitution for --with-auto-load-safe-path.
> 	* NEWS (--with-auto-load-safe-path, --without-auto-load-safe-path): New
> 	entries.
> 	* auto-load.c: Include observer.h.
> 	(auto_load_safe_path_vec_update): Call substitute_path_component for
> 	each component.  New variable ddir_subst.
> 	(auto_load_gdb_datadir_changed): New function.
> 	(set_auto_load_safe_path): Rename DEFAULT_AUTO_LOAD_SAFE_PATH to
> 	AUTO_LOAD_SAFE_PATH.  New comment.
> 	(_initialize_auto_load): Rename DEFAULT_AUTO_LOAD_SAFE_PATH to
> 	AUTO_LOAD_SAFE_PATH.  Install auto_load_gdb_datadir_changed.
> 	* config.in: Regenerate.
> 	* configure: Regenerate.
> 	* configure.ac (--auto-load-safe-path): Rename
> 	DEFAULT_AUTO_LOAD_SAFE_PATH to AUTO_LOAD_SAFE_PATH.  Default to
> 	GDB_DATADIR/auto-load.
> 	* defs.h (substitute_path_component): New declaration.
> 	* top.c: Include observer.h.
> 	(set_gdb_datadir): New function.
> 	(init_main): Install it for "set data-directory".
> 	* utils.c (substitute_path_component): New function.
> 
> gdb/doc/
> 2012-05-09  Jan Kratochvil  <jan.kratochvil@redhat.com>
> 
> 	Provide $ddir substitution for --with-auto-load-safe-path.
> 	* gdb.texinfo (Auto-loading): Replace /usr/local by $ddir/auto-load.
> 	(Auto-loading safe path): Likewise.  Mention the default value,
> 	$ddir substitution, --with-auto-load-safe-path and
> 	--without-auto-load-safe-path.
> 	* observer.texi (gdb_datadir_changed): New.
> 
> --- a/gdb/NEWS
> +++ b/gdb/NEWS
> @@ -181,6 +181,17 @@ set debug auto-load on|off
>  show debug auto-load
>    Control display of debugging info for auto-loading the files above.
>  
> +* New configure options
> +
> +--with-auto-load-safe-path
> +  Configure default value for the 'set auto-load safe-path' setting
> +  above.  It defaults to '$ddir/auto-load', $ddir representing the value
> +  of configure option --with-gdb-datadir.
> +
> +--without-auto-load-safe-path
> +  Set 'set auto-load safe-path' to '/', effectively disabling this
> +  security feature.
> +
>  * New remote packets
>  
>  z0/z1 conditional breakpoints extension
> --- a/gdb/auto-load.c
> +++ b/gdb/auto-load.c
> @@ -35,6 +35,7 @@
>  #include "gdb_vecs.h"
>  #include "readline/tilde.h"
>  #include "completer.h"
> +#include "observer.h"
>  
>  /* The suffix of per-objfile scripts to auto-load as non-Python command files.
>     E.g. When the program loads libfoo.so, look for libfoo-gdb.gdb.  */
> @@ -141,10 +142,16 @@ auto_load_safe_path_vec_update (void)
>    for (ix = 0; ix < len; ix++)
>      {
>        char *dir = VEC_index (char_ptr, auto_load_safe_path_vec, ix);
> -      char *expanded = tilde_expand (dir);
> -      char *real_path = gdb_realpath (expanded);
> +      char *ddir_subst, *expanded, *real_path;
> +
> +      ddir_subst = xstrdup (dir);
> +      substitute_path_component (&ddir_subst, "$ddir", gdb_datadir);
> +      expanded = tilde_expand (ddir_subst);
> +      xfree (ddir_subst);
> +      real_path = gdb_realpath (expanded);
>  
> -      /* Ensure the current entry is at least tilde_expand-ed.  */
> +      /* Ensure the current entry is at least a valid path (therefore
> +	 $ddir-expanded and tilde-expanded).  */
>        VEC_replace (char_ptr, auto_load_safe_path_vec, ix, expanded);
>  
>        if (debug_auto_load)
> @@ -176,15 +183,24 @@ auto_load_safe_path_vec_update (void)
>      }
>  }
>  
> +/* Variable gdb_datadir has been set.  Update content depending on $ddir.  */
> +
> +static void
> +auto_load_gdb_datadir_changed (void)
> +{
> +  auto_load_safe_path_vec_update ();
> +}
> +
>  /* "set" command for the auto_load_safe_path configuration variable.  */
>  
>  static void
>  set_auto_load_safe_path (char *args, int from_tty, struct cmd_list_element *c)
>  {
> +  /* Setting the variable to "" resets it to the compile time defaults.  */
>    if (auto_load_safe_path[0] == '\0')
>      {
>        xfree (auto_load_safe_path);
> -      auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH);
> +      auto_load_safe_path = xstrdup (AUTO_LOAD_SAFE_PATH);
>      }
>  
>    auto_load_safe_path_vec_update ();
> @@ -1040,7 +1056,7 @@ This options has security implications for untrusted inferiors."),
>  Usage: info auto-load local-gdbinit"),
>  	   auto_load_info_cmdlist_get ());
>  
> -  auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH);
> +  auto_load_safe_path = xstrdup (AUTO_LOAD_SAFE_PATH);
>    auto_load_safe_path_vec_update ();
>    add_setshow_optional_filename_cmd ("safe-path", class_support,
>  				     &auto_load_safe_path, _("\
> @@ -1058,6 +1074,7 @@ This options has security implications for untrusted inferiors."),
>  				     show_auto_load_safe_path,
>  				     auto_load_set_cmdlist_get (),
>  				     auto_load_show_cmdlist_get ());
> +  observer_attach_gdb_datadir_changed (auto_load_gdb_datadir_changed);
>  
>    cmd = add_cmd ("add-auto-load-safe-path", class_support,
>  		 add_auto_load_safe_path,
> --- a/gdb/config.in
> +++ b/gdb/config.in
> @@ -3,6 +3,9 @@
>  /* Define if building universal (internal helper macro) */
>  #undef AC_APPLE_UNIVERSAL_BUILD
>  
> +/* Directories safe to hold auto-loaded files. */
> +#undef AUTO_LOAD_SAFE_PATH
> +
>  /* Directory of programs. */
>  #undef BINDIR
>  
> @@ -24,9 +27,6 @@
>     moved. */
>  #undef DEBUGDIR_RELOCATABLE
>  
> -/* Directories safe to hold auto-loaded files. */
> -#undef DEFAULT_AUTO_LOAD_SAFE_PATH
> -
>  /* Define to BFD's default architecture. */
>  #undef DEFAULT_BFD_ARCH
>  
> --- a/gdb/configure
> +++ b/gdb/configure
> @@ -1486,7 +1486,8 @@ Optional Packages:
>    --with-relocated-sources=PATH
>                            automatically relocate this path for source files
>    --with-auto-load-safe-path=PATH
> -                          directories safe to hold auto-loaded files
> +                          directories safe to hold auto-loaded files, use
> +                          $ddir for --with-gdb-datadir path [$ddir/auto-load]
>    --without-auto-load-safe-path
>                            do not restrict auto-loaded files locations
>    --with-libunwind-ia64   use libunwind frame unwinding for ia64 targets
> @@ -4964,20 +4965,21 @@ $as_echo_n "checking for default auto-load safe-path... " >&6; }
>  # Check whether --with-auto-load-safe-path was given.
>  if test "${with_auto_load_safe_path+set}" = set; then :
>    withval=$with_auto_load_safe_path; if test "$with_auto_load_safe_path" = "no"; then
> -   with_auto_load_safe_path="/"
> - fi
> +     with_auto_load_safe_path="/"
> +     fi
>  else
> -  with_auto_load_safe_path="$prefix"
> +  with_auto_load_safe_path='$ddir/auto-load'
>  fi
>  
> +escape_dir=`echo $with_auto_load_safe_path | sed 's/[$]ddir\>/\\\\\\\\\\\\&/g'`
>  
>    test "x$prefix" = xNONE && prefix="$ac_default_prefix"
>    test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
> -  ac_define_dir=`eval echo $with_auto_load_safe_path`
> +  ac_define_dir=`eval echo $escape_dir`
>    ac_define_dir=`eval echo $ac_define_dir`
>  
>  cat >>confdefs.h <<_ACEOF
> -#define DEFAULT_AUTO_LOAD_SAFE_PATH "$ac_define_dir"
> +#define AUTO_LOAD_SAFE_PATH "$ac_define_dir"
>  _ACEOF
>  
>  
> --- a/gdb/configure.ac
> +++ b/gdb/configure.ac
> @@ -138,13 +138,16 @@ AS_HELP_STRING([--with-relocated-sources=PATH], [automatically relocate this pat
>  
>  AC_MSG_CHECKING([for default auto-load safe-path])
>  AC_ARG_WITH(auto-load-safe-path,
> -AS_HELP_STRING([--with-auto-load-safe-path=PATH], [directories safe to hold auto-loaded files])
> -AS_HELP_STRING([--without-auto-load-safe-path], [do not restrict auto-loaded files locations]),
> -[if test "$with_auto_load_safe_path" = "no"; then
> -   with_auto_load_safe_path="/"
> - fi],
> -[with_auto_load_safe_path="$prefix"])
> -AC_DEFINE_DIR(DEFAULT_AUTO_LOAD_SAFE_PATH, with_auto_load_safe_path,
> +AS_HELP_STRING([--with-auto-load-safe-path=PATH],
> +  [directories safe to hold auto-loaded files, use $ddir for --with-gdb-datadir path @<:@$ddir/auto-load@:>@])
> +AS_HELP_STRING([--without-auto-load-safe-path],
> +               [do not restrict auto-loaded files locations]),
> +    [if test "$with_auto_load_safe_path" = "no"; then
> +     with_auto_load_safe_path="/"
> +     fi],
> +[with_auto_load_safe_path='$ddir/auto-load'])
> +escape_dir=`echo $with_auto_load_safe_path | sed 's/[[$]]ddir\>/\\\\\\\\\\\\&/g'`
> +AC_DEFINE_DIR(AUTO_LOAD_SAFE_PATH, escape_dir,
>  	      [Directories safe to hold auto-loaded files.])
>  AC_MSG_RESULT([$with_auto_load_safe_path])
>  
> --- a/gdb/defs.h
> +++ b/gdb/defs.h
> @@ -381,6 +381,9 @@ extern struct cleanup *make_bpstat_clear_actions_cleanup (void);
>  
>  extern int producer_is_gcc_ge_4 (const char *producer);
>  
> +extern void substitute_path_component (char **stringp, const char *from,
> +				       const char *to);
> +
>  #ifdef HAVE_WAITPID
>  extern pid_t wait_to_die_with_timeout (pid_t pid, int *status, int timeout);
>  #endif
> --- a/gdb/doc/gdb.texinfo
> +++ b/gdb/doc/gdb.texinfo
> @@ -21007,7 +21007,7 @@ libthread-db:  Auto-loading of inferior specific libthread_db is on.
>  local-gdbinit:  Auto-loading of .gdbinit script from current directory is on.
>  python-scripts:  Auto-loading of Python scripts is on.
>  safe-path:  List of directories from which it is safe to auto-load files
> -            is /usr/local.
> +            is $ddir/auto-load.
>  @end smallexample
>  
>  @anchor{info auto-load}
> @@ -21209,9 +21209,9 @@ get loaded:
>  $ ./gdb -q ./gdb
>  Reading symbols from /home/user/gdb/gdb...done.
>  warning: File "/home/user/gdb/gdb-gdb.gdb" auto-loading has been
> -         declined by your `auto-load safe-path' set to "/usr/local".
> +         declined by your `auto-load safe-path' set to "$ddir/auto-load".
>  warning: File "/home/user/gdb/gdb-gdb.py" auto-loading has been
> -         declined by your `auto-load safe-path' set to "/usr/local".
> +         declined by your `auto-load safe-path' set to "$ddir/auto-load".
>  @end smallexample

I think these lines just got too long for @smallexample.  Did you try
to produce the PDF version, and if so, did you see these lines
overflow the margin?

> +be placed as a directory component - either alone or delimited by @file{/} or

"---", not "-".  We want an em-dash here. not a minus.

Okay with that.  Thanks.

[obv doc] Fix too wide @smallexample [Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path]

[Jan Kratochvil]

On Wed, 09 May 2012 19:41:08 +0200, Eli Zaretskii wrote:
> > --- a/gdb/doc/gdb.texinfo
> > +++ b/gdb/doc/gdb.texinfo
> > @@ -21007,7 +21007,7 @@ libthread-db:  Auto-loading of inferior specific libthread_db is on.
> >  local-gdbinit:  Auto-loading of .gdbinit script from current directory is on.
> >  python-scripts:  Auto-loading of Python scripts is on.
> >  safe-path:  List of directories from which it is safe to auto-load files
> > -            is /usr/local.
> > +            is $ddir/auto-load.
> >  @end smallexample
> >  
> >  @anchor{info auto-load}
> > @@ -21209,9 +21209,9 @@ get loaded:
> >  $ ./gdb -q ./gdb
> >  Reading symbols from /home/user/gdb/gdb...done.
> >  warning: File "/home/user/gdb/gdb-gdb.gdb" auto-loading has been
> > -         declined by your `auto-load safe-path' set to "/usr/local".
> > +         declined by your `auto-load safe-path' set to "$ddir/auto-load".
> >  warning: File "/home/user/gdb/gdb-gdb.py" auto-loading has been
> > -         declined by your `auto-load safe-path' set to "/usr/local".
> > +         declined by your `auto-load safe-path' set to "$ddir/auto-load".
> >  @end smallexample
> 
> I think these lines just got too long for @smallexample.  Did you try
> to produce the PDF version, and if so, did you see these lines
> overflow the margin?

I do not see there any problem, do you?
	http://people.redhat.com/jkratoch/smallexample.png

But I have seen some other two cases which format more wide than the
surrounding paragraphs, checked in those as obvious.


Thanks,
Jan


http://sourceware.org/ml/gdb-cvs/2012-05/msg00059.html

--- src/gdb/doc/ChangeLog	2012/05/06 15:31:04	1.1309
+++ src/gdb/doc/ChangeLog	2012/05/09 18:15:58	1.1310
@@ -1,3 +1,8 @@
+2012-05-09  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	* gdb.texinfo (Auto-loading): Wrap too long lines in @smallexample.
+	Twice.
+
 2012-05-06  Jan Kratochvil  <jan.kratochvil@redhat.com>
 
 	* gdb.texinfo (Auto-loading safe path): Make 'directories'
--- src/gdb/doc/gdb.texinfo	2012/05/06 15:31:04	1.955
+++ src/gdb/doc/gdb.texinfo	2012/05/09 18:15:58	1.956
@@ -21004,7 +21004,8 @@
 (gdb) show auto-load
 gdb-scripts:  Auto-loading of canned sequences of commands scripts is on.
 libthread-db:  Auto-loading of inferior specific libthread_db is on.
-local-gdbinit:  Auto-loading of .gdbinit script from current directory is on.
+local-gdbinit:  Auto-loading of .gdbinit script from current directory
+                is on.
 python-scripts:  Auto-loading of Python scripts is on.
 safe-path:  List of directories from which it is safe to auto-load files
             is /usr/local.
@@ -21022,7 +21023,8 @@
 Loaded  Script
 Yes     /home/user/gdb/gdb-gdb.gdb
 libthread-db:  No auto-loaded libthread-db.
-local-gdbinit:  Local .gdbinit file "/home/user/gdb/.gdbinit" has been loaded.
+local-gdbinit:  Local .gdbinit file "/home/user/gdb/.gdbinit" has been
+                loaded.
 python-scripts:
 Loaded  Script
 Yes     /home/user/gdb/gdb-gdb.py

Re: [obv doc] Fix too wide @smallexample [Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path]

[Eli Zaretskii]

> Date: Wed, 9 May 2012 20:16:40 +0200
> From: Jan Kratochvil <jan.kratochvil@redhat.com>
> Cc: gdb-patches@sourceware.org
> 
> > I think these lines just got too long for @smallexample.  Did you try
> > to produce the PDF version, and if so, did you see these lines
> > overflow the margin?
> 
> I do not see there any problem, do you?
> 	http://people.redhat.com/jkratoch/smallexample.png

This is fine.

> But I have seen some other two cases which format more wide than the
> surrounding paragraphs, checked in those as obvious.

Thanks.

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Jan Kratochvil]

On Wed, 09 May 2012 19:41:08 +0200, Eli Zaretskii wrote:
> Okay with that.  Thanks.

Updated just the doc.


Thanks,
Jan



gdb/
2012-05-09  Jan Kratochvil  <jan.kratochvil@redhat.com>

	Provide $ddir substitution for --with-auto-load-safe-path.
	* NEWS (--with-auto-load-safe-path, --without-auto-load-safe-path): New
	entries.
	* auto-load.c: Include observer.h.
	(auto_load_safe_path_vec_update): Call substitute_path_component for
	each component.  New variable ddir_subst.
	(auto_load_gdb_datadir_changed): New function.
	(set_auto_load_safe_path): Rename DEFAULT_AUTO_LOAD_SAFE_PATH to
	AUTO_LOAD_SAFE_PATH.  New comment.
	(_initialize_auto_load): Rename DEFAULT_AUTO_LOAD_SAFE_PATH to
	AUTO_LOAD_SAFE_PATH.  Install auto_load_gdb_datadir_changed.
	* config.in: Regenerate.
	* configure: Regenerate.
	* configure.ac (--auto-load-safe-path): Rename
	DEFAULT_AUTO_LOAD_SAFE_PATH to AUTO_LOAD_SAFE_PATH.  Default to
	GDB_DATADIR/auto-load.
	* defs.h (substitute_path_component): New declaration.
	* top.c: Include observer.h.
	(set_gdb_datadir): New function.
	(init_main): Install it for "set data-directory".
	* utils.c (substitute_path_component): New function.

gdb/doc/
2012-05-09  Jan Kratochvil  <jan.kratochvil@redhat.com>

	Provide $ddir substitution for --with-auto-load-safe-path.
	* gdb.texinfo (Auto-loading): Replace /usr/local by $ddir/auto-load.
	(Auto-loading safe path): Likewise.  Mention the default value,
	$ddir substitution, --with-auto-load-safe-path and
	--without-auto-load-safe-path.
	* observer.texi (gdb_datadir_changed): New.

--- a/gdb/NEWS
+++ b/gdb/NEWS
@@ -181,6 +181,17 @@ set debug auto-load on|off
 show debug auto-load
   Control display of debugging info for auto-loading the files above.
 
+* New configure options
+
+--with-auto-load-safe-path
+  Configure default value for the 'set auto-load safe-path' setting
+  above.  It defaults to '$ddir/auto-load', $ddir representing the value
+  of configure option --with-gdb-datadir.
+
+--without-auto-load-safe-path
+  Set 'set auto-load safe-path' to '/', effectively disabling this
+  security feature.
+
 * New remote packets
 
 z0/z1 conditional breakpoints extension
--- a/gdb/auto-load.c
+++ b/gdb/auto-load.c
@@ -35,6 +35,7 @@
 #include "gdb_vecs.h"
 #include "readline/tilde.h"
 #include "completer.h"
+#include "observer.h"
 
 /* The suffix of per-objfile scripts to auto-load as non-Python command files.
    E.g. When the program loads libfoo.so, look for libfoo-gdb.gdb.  */
@@ -141,10 +142,16 @@ auto_load_safe_path_vec_update (void)
   for (ix = 0; ix < len; ix++)
     {
       char *dir = VEC_index (char_ptr, auto_load_safe_path_vec, ix);
-      char *expanded = tilde_expand (dir);
-      char *real_path = gdb_realpath (expanded);
+      char *ddir_subst, *expanded, *real_path;
+
+      ddir_subst = xstrdup (dir);
+      substitute_path_component (&ddir_subst, "$ddir", gdb_datadir);
+      expanded = tilde_expand (ddir_subst);
+      xfree (ddir_subst);
+      real_path = gdb_realpath (expanded);
 
-      /* Ensure the current entry is at least tilde_expand-ed.  */
+      /* Ensure the current entry is at least a valid path (therefore
+	 $ddir-expanded and tilde-expanded).  */
       VEC_replace (char_ptr, auto_load_safe_path_vec, ix, expanded);
 
       if (debug_auto_load)
@@ -176,15 +183,24 @@ auto_load_safe_path_vec_update (void)
     }
 }
 
+/* Variable gdb_datadir has been set.  Update content depending on $ddir.  */
+
+static void
+auto_load_gdb_datadir_changed (void)
+{
+  auto_load_safe_path_vec_update ();
+}
+
 /* "set" command for the auto_load_safe_path configuration variable.  */
 
 static void
 set_auto_load_safe_path (char *args, int from_tty, struct cmd_list_element *c)
 {
+  /* Setting the variable to "" resets it to the compile time defaults.  */
   if (auto_load_safe_path[0] == '\0')
     {
       xfree (auto_load_safe_path);
-      auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH);
+      auto_load_safe_path = xstrdup (AUTO_LOAD_SAFE_PATH);
     }
 
   auto_load_safe_path_vec_update ();
@@ -1040,7 +1056,7 @@ This options has security implications for untrusted inferiors."),
 Usage: info auto-load local-gdbinit"),
 	   auto_load_info_cmdlist_get ());
 
-  auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH);
+  auto_load_safe_path = xstrdup (AUTO_LOAD_SAFE_PATH);
   auto_load_safe_path_vec_update ();
   add_setshow_optional_filename_cmd ("safe-path", class_support,
 				     &auto_load_safe_path, _("\
@@ -1058,6 +1074,7 @@ This options has security implications for untrusted inferiors."),
 				     show_auto_load_safe_path,
 				     auto_load_set_cmdlist_get (),
 				     auto_load_show_cmdlist_get ());
+  observer_attach_gdb_datadir_changed (auto_load_gdb_datadir_changed);
 
   cmd = add_cmd ("add-auto-load-safe-path", class_support,
 		 add_auto_load_safe_path,
--- a/gdb/config.in
+++ b/gdb/config.in
@@ -3,6 +3,9 @@
 /* Define if building universal (internal helper macro) */
 #undef AC_APPLE_UNIVERSAL_BUILD
 
+/* Directories safe to hold auto-loaded files. */
+#undef AUTO_LOAD_SAFE_PATH
+
 /* Directory of programs. */
 #undef BINDIR
 
@@ -24,9 +27,6 @@
    moved. */
 #undef DEBUGDIR_RELOCATABLE
 
-/* Directories safe to hold auto-loaded files. */
-#undef DEFAULT_AUTO_LOAD_SAFE_PATH
-
 /* Define to BFD's default architecture. */
 #undef DEFAULT_BFD_ARCH
 
--- a/gdb/configure
+++ b/gdb/configure
@@ -1486,7 +1486,8 @@ Optional Packages:
   --with-relocated-sources=PATH
                           automatically relocate this path for source files
   --with-auto-load-safe-path=PATH
-                          directories safe to hold auto-loaded files
+                          directories safe to hold auto-loaded files, use
+                          $ddir for --with-gdb-datadir path [$ddir/auto-load]
   --without-auto-load-safe-path
                           do not restrict auto-loaded files locations
   --with-libunwind-ia64   use libunwind frame unwinding for ia64 targets
@@ -4964,20 +4965,21 @@ $as_echo_n "checking for default auto-load safe-path... " >&6; }
 # Check whether --with-auto-load-safe-path was given.
 if test "${with_auto_load_safe_path+set}" = set; then :
   withval=$with_auto_load_safe_path; if test "$with_auto_load_safe_path" = "no"; then
-   with_auto_load_safe_path="/"
- fi
+     with_auto_load_safe_path="/"
+     fi
 else
-  with_auto_load_safe_path="$prefix"
+  with_auto_load_safe_path='$ddir/auto-load'
 fi
 
+escape_dir=`echo $with_auto_load_safe_path | sed 's/[$]ddir\>/\\\\\\\\\\\\&/g'`
 
   test "x$prefix" = xNONE && prefix="$ac_default_prefix"
   test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-  ac_define_dir=`eval echo $with_auto_load_safe_path`
+  ac_define_dir=`eval echo $escape_dir`
   ac_define_dir=`eval echo $ac_define_dir`
 
 cat >>confdefs.h <<_ACEOF
-#define DEFAULT_AUTO_LOAD_SAFE_PATH "$ac_define_dir"
+#define AUTO_LOAD_SAFE_PATH "$ac_define_dir"
 _ACEOF
 
 
--- a/gdb/configure.ac
+++ b/gdb/configure.ac
@@ -138,13 +138,16 @@ AS_HELP_STRING([--with-relocated-sources=PATH], [automatically relocate this pat
 
 AC_MSG_CHECKING([for default auto-load safe-path])
 AC_ARG_WITH(auto-load-safe-path,
-AS_HELP_STRING([--with-auto-load-safe-path=PATH], [directories safe to hold auto-loaded files])
-AS_HELP_STRING([--without-auto-load-safe-path], [do not restrict auto-loaded files locations]),
-[if test "$with_auto_load_safe_path" = "no"; then
-   with_auto_load_safe_path="/"
- fi],
-[with_auto_load_safe_path="$prefix"])
-AC_DEFINE_DIR(DEFAULT_AUTO_LOAD_SAFE_PATH, with_auto_load_safe_path,
+AS_HELP_STRING([--with-auto-load-safe-path=PATH],
+  [directories safe to hold auto-loaded files, use $ddir for --with-gdb-datadir path @<:@$ddir/auto-load@:>@])
+AS_HELP_STRING([--without-auto-load-safe-path],
+               [do not restrict auto-loaded files locations]),
+    [if test "$with_auto_load_safe_path" = "no"; then
+     with_auto_load_safe_path="/"
+     fi],
+[with_auto_load_safe_path='$ddir/auto-load'])
+escape_dir=`echo $with_auto_load_safe_path | sed 's/[[$]]ddir\>/\\\\\\\\\\\\&/g'`
+AC_DEFINE_DIR(AUTO_LOAD_SAFE_PATH, escape_dir,
 	      [Directories safe to hold auto-loaded files.])
 AC_MSG_RESULT([$with_auto_load_safe_path])
 
--- a/gdb/defs.h
+++ b/gdb/defs.h
@@ -381,6 +381,9 @@ extern struct cleanup *make_bpstat_clear_actions_cleanup (void);
 
 extern int producer_is_gcc_ge_4 (const char *producer);
 
+extern void substitute_path_component (char **stringp, const char *from,
+				       const char *to);
+
 #ifdef HAVE_WAITPID
 extern pid_t wait_to_die_with_timeout (pid_t pid, int *status, int timeout);
 #endif
--- a/gdb/doc/gdb.texinfo
+++ b/gdb/doc/gdb.texinfo
@@ -21007,7 +21007,7 @@ libthread-db:  Auto-loading of inferior specific libthread_db is on.
 local-gdbinit:  Auto-loading of .gdbinit script from current directory is on.
 python-scripts:  Auto-loading of Python scripts is on.
 safe-path:  List of directories from which it is safe to auto-load files
-            is /usr/local.
+            is $ddir/auto-load.
 @end smallexample
 
 @anchor{info auto-load}
@@ -21209,9 +21209,9 @@ get loaded:
 $ ./gdb -q ./gdb
 Reading symbols from /home/user/gdb/gdb...done.
 warning: File "/home/user/gdb/gdb-gdb.gdb" auto-loading has been
-         declined by your `auto-load safe-path' set to "/usr/local".
+         declined by your `auto-load safe-path' set to "$ddir/auto-load".
 warning: File "/home/user/gdb/gdb-gdb.py" auto-loading has been
-         declined by your `auto-load safe-path' set to "/usr/local".
+         declined by your `auto-load safe-path' set to "$ddir/auto-load".
 @end smallexample
 
 The list of trusted directories is controlled by the following commands:
@@ -21243,7 +21243,18 @@ loading and execution of scripts.  Multiple entries may be delimited by the
 host platform directory separator in use.
 @end table
 
-Setting this variable to @file{/} disables this security protection.
+This variable defaults to @file{$ddir/auto-load}.  The default @code{set
+auto-load safe-path} value can be also overriden by @value{GDBN} configuration
+option @option{--with-auto-load-safe-path}.
+
+Any used string @file{$ddir} will get replaced by @var{data-directory} which is
+determined at @value{GDBN} startup (@pxref{Data Files}).  @file{$ddir} must be
+be placed as a directory component --- either alone or delimited by @file{/} or
+@file{\} directory separators, depending on the host platform.
+
+Setting this variable to @file{/} disables this security protection,
+corresponding @value{GDBN} configuration option is
+@option{--without-auto-load-safe-path}.
 This variable is supposed to be set to the system directories writable by the
 system superuser only.  Users can add their source directories in init files in
 their home directories (@pxref{Home Directory Init File}).  See also deprecated
--- a/gdb/doc/observer.texi
+++ b/gdb/doc/observer.texi
@@ -226,6 +226,10 @@ Called before a top-level prompt is displayed.  @var{current_prompt} is
 the current top-level prompt.
 @end deftypefun
 
+@deftypefun void gdb_datadir_changed (void)
+Variable gdb_datadir has been set.  The value may not necessarily change.
+@end deftypefun
+
 @deftypefun void test_notification (int @var{somearg})
 This observer is used for internal testing.  Do not use.  
 See testsuite/gdb.gdb/observer.exp.
--- a/gdb/top.c
+++ b/gdb/top.c
@@ -47,6 +47,7 @@
 #include "gdbthread.h"
 #include "python/python.h"
 #include "interps.h"
+#include "observer.h"
 
 /* readline include files.  */
 #include "readline/readline.h"
@@ -1559,6 +1560,15 @@ show_exec_done_display_p (struct ui_file *file, int from_tty,
 			    "asynchronous execution commands is %s.\n"),
 		    value);
 }
+
+/* "set" command for the gdb_datadir configuration variable.  */
+
+static void
+set_gdb_datadir (char *args, int from_tty, struct cmd_list_element *c)
+{
+  observer_notify_gdb_datadir_changed ();
+}
+
 static void
 init_main (void)
 {
@@ -1666,7 +1676,7 @@ Use \"on\" to enable the notification, and \"off\" to disable it."),
                            _("Show GDB's data directory."),
                            _("\
 When set, GDB uses the specified path to search for data files."),
-                           NULL, NULL,
+                           set_gdb_datadir, NULL,
                            &setlist,
                            &showlist);
 }
--- a/gdb/utils.c
+++ b/gdb/utils.c
@@ -3724,6 +3724,48 @@ dirnames_to_char_ptr_vec (const char *dirnames)
   return retval;
 }
 
+/* Substitute all occurences of string FROM by string TO in *STRINGP.  *STRINGP
+   must come from xrealloc-compatible allocator and it may be updated.  FROM
+   needs to be delimited by IS_DIR_SEPARATOR (or be located at the start or
+   end of *STRINGP.  */
+
+void
+substitute_path_component (char **stringp, const char *from, const char *to)
+{
+  char *string = *stringp, *s;
+  const size_t from_len = strlen (from);
+  const size_t to_len = strlen (to);
+
+  for (s = string;;)
+    {
+      s = strstr (s, from);
+      if (s == NULL)
+	break;
+
+      if ((s == string || IS_DIR_SEPARATOR (s[-1]))
+          && (s[from_len] == '\0' || IS_DIR_SEPARATOR (s[from_len])))
+	{
+	  char *string_new;
+
+	  string_new = xrealloc (string, (strlen (string) + to_len + 1));
+
+	  /* Relocate the current S pointer.  */
+	  s = s - string + string_new;
+	  string = string_new;
+
+	  /* Replace from by to.  */
+	  memmove (&s[to_len], &s[from_len], strlen (&s[from_len]) + 1);
+	  memcpy (s, to, to_len);
+
+	  s += to_len;
+	}
+      else
+	s++;
+    }
+
+  *stringp = string;
+}
+
 #ifdef HAVE_WAITPID
 
 #ifdef SIGALRM

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Joel Brobecker]

It's a nice addition to have the auto-load safe-path relocatable...

> +--with-auto-load-safe-path
> +  Configure default value for the 'set auto-load safe-path' setting
> +  above.  It defaults to '$ddir/auto-load', $ddir representing the value
> +  of configure option --with-gdb-datadir.

I don't think that this is entirely accurate. $ddir represents the
GDB data dir, whose value can easily be different from the value passed
via --with-gdb-datadir.  I would refer to the value of "set
data-directory" instead.

-- 
Joel

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Jan Kratochvil]

On Wed, 09 May 2012 22:08:14 +0200, Joel Brobecker wrote:
> It's a nice addition to have the auto-load safe-path relocatable...
> 
> > +--with-auto-load-safe-path
> > +  Configure default value for the 'set auto-load safe-path' setting
> > +  above.  It defaults to '$ddir/auto-load', $ddir representing the value
> > +  of configure option --with-gdb-datadir.
> 
> I don't think that this is entirely accurate. $ddir represents the
> GDB data dir, whose value can easily be different from the value passed
> via --with-gdb-datadir.  I would refer to the value of "set
> data-directory" instead.

I have changed it in the patchset as you are right it is more correct.

But in reality user will use either configure option --with-gdb-datadir or the
command-line option -data-directory which is why I wrote it that way.
Until recently I did not remember how is 'show data-directory' exactly called.
But explaining there all of 'show data-directory', --with-gdb-datadir and
-data-directory is probably out of the scope of the NEWS file.

But I agree it is formally correct now.


Thanks,
Jan


NEWS:
-  above.  It defaults to '$ddir/auto-load', $ddir representing the value
-  of configure option --with-gdb-datadir.
+  above.  It defaults to '$ddir/auto-load', $ddir representing GDB's
+  data directory (available via show data-directory).

gdb.texinfo:
-Any used string @file{$ddir} will get replaced by @var{data-directory} which is
-determined at @value{GDBN} startup (@pxref{Data Files}).  @file{$ddir} must be
+Any used string @file{$ddir} will get replaced by @var{data-directory}, where
+@var{data-directory} is @value{GDBN}'s data directory (available via
+@code{show data-directory}, @pxref{Data Files}).  @file{$ddir} must be

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Joel Brobecker]

> But in reality user will use either configure option
> --with-gdb-datadir or the command-line option -data-directory which is
> why I wrote it that way.  Until recently I did not remember how is
> 'show data-directory' exactly called.  But explaining there all of
> 'show data-directory', --with-gdb-datadir and -data-directory is
> probably out of the scope of the NEWS file.

Yeah, I agree that explaining the whole data-directory is too much
for a NEWS entry, especially since this directory may get relocated.
Thanks for the fix!

-- 
Joel

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Pedro Alves]

On 05/09/2012 04:46 PM, Jan Kratochvil wrote:

> +Setting this variable to @file{/} disables this security protection,


I wonder if creeping in this unixysm is a sign of an interface
that could be better.  I mean, it doesn't make so much sense
if you think of Windows, for example.

-- 
Pedro Alves

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Jan Kratochvil]

Hi,

checked in:
	http://sourceware.org/ml/gdb-cvs/2012-05/msg00080.html


Thanks,
Jan

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Jan Kratochvil]

Hi Pedro,

On Fri, 11 May 2012 20:13:18 +0200, Pedro Alves wrote:
> On 05/09/2012 04:46 PM, Jan Kratochvil wrote:
> 
> > +Setting this variable to @file{/} disables this security protection,
> 
> I wonder if creeping in this unixysm is a sign of an interface
> that could be better.  I mean, it doesn't make so much sense
> if you think of Windows, for example.

I just checked it in, sorry.

Anyway yes, I was thinking about MS-Windows in this case.  But one can no
longer use empty string as it now means "reset to the factory defaults" to be
coherent with other existing GDB commands.

I was thinking about using "set auto-load safe-path :" where ":" is the path
separator but this would be "set auto-load safe-path ;" on MS-Windows.

I just find "/" to be a magic string, which just coincidentally matches root
on UNIX systems.

Sure I can commit some change if you have a better idea.


Thanks,
Jan

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Joel Brobecker]

> > +Setting this variable to @file{/} disables this security protection,
> 
> 
> I wonder if creeping in this unixysm is a sign of an interface
> that could be better.  I mean, it doesn't make so much sense
> if you think of Windows, for example.

Yeah - that's why I suggested a boolean setting instead.  it fits
well with the new setting "auto-load script-dir" which is a list
of directories where scripts are implicitly considered as safe.

-- 
Joel

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Jan Kratochvil]

On Fri, 11 May 2012 20:19:13 +0200, Joel Brobecker wrote:
> Yeah - that's why I suggested a boolean setting instead.

[ replied elsewhere ]


> it fits well with the new setting "auto-load script-dir" which is a list of
> directories where scripts are implicitly considered as safe.

(a) It is called "set auto-load scripts-directory".
    (To match the plural of "set auto-load gdb-scripts"
     and "set auto-load python-scripts".)

(b) (gdb) help set auto-load scripts-directory 
    [...]
    Directories listed here need to be
    present also in the 'set auto-load safe-path' option.

I find violation of security coherency if there
exists "set auto-load safe-path" to permit loading files from also other
location.


Thanks,
Jan

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Pedro Alves]

On 05/11/2012 07:16 PM, Jan Kratochvil wrote:

> Hi Pedro,
> 
> On Fri, 11 May 2012 20:13:18 +0200, Pedro Alves wrote:
>> On 05/09/2012 04:46 PM, Jan Kratochvil wrote:
>>
>>> +Setting this variable to @file{/} disables this security protection,
>>
>> I wonder if creeping in this unixysm is a sign of an interface
>> that could be better.  I mean, it doesn't make so much sense
>> if you think of Windows, for example.
> 
> I just checked it in, sorry.


Sorry, I'm way behind on the list.

> I was thinking about using "set auto-load safe-path :" where ":" is the path

> separator but this would be "set auto-load safe-path ;" on MS-Windows.


This actually sounds like a good idea to me.  It should already be working?
So we'd only need to remove the '/' special case, and tweak the docs to mention
that.

> I just find "/" to be a magic string, which just coincidentally matches root
> on UNIX systems.
> 
> Sure I can commit some change if you have a better idea.-- 


-- 
Pedro Alves

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Jan Kratochvil]

On Fri, 11 May 2012 20:59:31 +0200, Pedro Alves wrote:
> It should already be working?
> So we'd only need to remove the '/' special case,

Yes, it is already working.  No, there is no special case, filename_is_in_dir
handles "", "/" and "////" the same for each split path component.

One just has to avoid the "reset to factory defaults" feature some way (such
as by that ":").


> and tweak the docs to mention that.

Yes.  I can do it but I would like to keep it here for some comments first.
TBH I find that '/' still a bit more logical.  Also we should admit UNIX is
more native environment for GDB.


Thanks,
Jan

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Pedro Alves]

On 05/11/2012 08:04 PM, Jan Kratochvil wrote:

> On Fri, 11 May 2012 20:59:31 +0200, Pedro Alves wrote:
>> It should already be working?
>> So we'd only need to remove the '/' special case,
> 
> Yes, it is already working.  No, there is no special case, filename_is_in_dir
> handles "", "/" and "////" the same for each split path component.


Looks like there is some special casing somewhere:

 (gdb) show  auto-load safe-path
 List of directories from which it is safe to auto-load files is /usr/local.
 (gdb) set auto-load safe-path :
 (gdb) show  auto-load safe-path
 List of directories from which it is safe to auto-load files is :.
 (gdb) set auto-load safe-path /
 (gdb) show  auto-load safe-path
 Auto-load files are safe to load from any directory.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Then IIUC, that "from any directory" is simply not true on Windows -- and
I'd call it a bug.  Files outside of the current drive won't auto-load.

-- 
Pedro Alves

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Jan Kratochvil]

On Fri, 11 May 2012 21:14:47 +0200, Pedro Alves wrote:
> Looks like there is some special casing somewhere:

True, I forgot and I agree.  But it is only this "cosmetic" message, it has no
functionality effect.  I can fix this "any directory" message conditional.


>  (gdb) show  auto-load safe-path
>  List of directories from which it is safe to auto-load files is /usr/local.
>  (gdb) set auto-load safe-path :
>  (gdb) show  auto-load safe-path
>  List of directories from which it is safe to auto-load files is :.
>  (gdb) set auto-load safe-path /
>  (gdb) show  auto-load safe-path
>  Auto-load files are safe to load from any directory.
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Then IIUC, that "from any directory" is simply not true on Windows -- and
> I'd call it a bug.  Files outside of the current drive won't auto-load.

It should work, at least Joel has verified it works:
	[patch] [w32] Fix --without-auto-load-safe-path
	http://sourceware.org/ml/gdb-patches/2012-04/msg00721.html
	http://sourceware.org/ml/gdb-patches/2012-05/msg00029.html


Thanks,
Jan

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Joel Brobecker]

> > it fits well with the new setting "auto-load script-dir" which is a list of
> > directories where scripts are implicitly considered as safe.
> 
> (a) It is called "set auto-load scripts-directory".
>     (To match the plural of "set auto-load gdb-scripts"
>      and "set auto-load python-scripts".)
> 
> (b) (gdb) help set auto-load scripts-directory 
>     [...]
>     Directories listed here need to be
>     present also in the 'set auto-load safe-path' option.
> 
> I find violation of security coherency if there
> exists "set auto-load safe-path" to permit loading files from also other
> location.

I proposing we ditch safe-path entirely, and merge it with
scripts-directory. What good is it to have a directory in
scripts-directory if it's not in safe-path at the same time?

-- 
Joel

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Jan Kratochvil]

On Fri, 11 May 2012 21:38:01 +0200, Joel Brobecker wrote:
> I proposing we ditch safe-path entirely, and merge it with
> scripts-directory. What good is it to have a directory in
> scripts-directory if it's not in safe-path at the same time?

Such case is not useful.  But I find useful to have directory in safe-path but
not in scripts-directory:

Fedora config:
              --with-auto-load-dir='$ddir/auto-load%{?scl::%{_root_datadir}/gdb/auto-load}'                                             \
        --with-auto-load-safe-path='$ddir/auto-load%{?scl::%{_root_datadir}/gdb/auto-load}:/usr/lib/debug:%{_root_bindir}/mono-gdb.py'  \

a bit offtopic #1:
mono-gdb.py is just a workaround of packaging bug:
	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=815501

a bit offtopic #2:
debug-file-directory is used by GDB implicitly as if it is in
scripts-directory (see auto_load_objfile_script, not by me).  Maybe we could
have introduced $debugdir substitution instead and make it a part of default
--with-auto-load-safe-path.  So far I find debug-file-directory (and the
separate debug info feature) to be distro specific enough it may require such
specific configuration of --with-auto-load-safe-path.


But with separate --with-auto-load-safe-path one can permit loading .gdbinit
from GCC or Emacs build directory:
	--with-auto-load-safe-path=$ddir/auto-load:~/src/gcc:~/src/emacs

If you unify these two settings it will try to load scripts for arbitrary
inferiors also from ~/src/gcc and from ~/src/emacs.  Which should be safe - as
you declared these directories safe - but I find it a bit mess.  Not sure if it
is simplification or complication.


Thanks,
Jan

[patch] Cosmetic fix 'show auto-load safe-path' for ":" [Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path]

[Jan Kratochvil]

On Fri, 11 May 2012 21:33:53 +0200, Jan Kratochvil wrote:
> On Fri, 11 May 2012 21:14:47 +0200, Pedro Alves wrote:
> > Looks like there is some special casing somewhere:
> 
> True, I forgot and I agree.  But it is only this "cosmetic" message, it has no
> functionality effect.  I can fix this "any directory" message conditional.

Regards,
Jan


gdb/
2012-05-11  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* auto-load.c (show_auto_load_safe_path): Accept any combination of
	DIRNAME_SEPARATOR and IS_DIR_SEPARATOR for wild-match.

diff --git a/gdb/auto-load.c b/gdb/auto-load.c
index 5ee117f..462ee06 100644
--- a/gdb/auto-load.c
+++ b/gdb/auto-load.c
@@ -241,7 +241,15 @@ static void
 show_auto_load_safe_path (struct ui_file *file, int from_tty,
 			  struct cmd_list_element *c, const char *value)
 {
-  if (strcmp (value, "/") == 0)
+  const char *cs;
+
+  /* Check if user has entered either "/" or for example ":".
+     But while more complicate content like ":/foo" would still also
+     permit any location do not hide those.  */
+
+  for (cs = value; *cs && (*cs == DIRNAME_SEPARATOR || IS_DIR_SEPARATOR (*cs));
+       cs++);
+  if (*cs == 0)
     fprintf_filtered (file, _("Auto-load files are safe to load from any "
 			      "directory.\n"));
   else

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Joel Brobecker]

> But with separate --with-auto-load-safe-path one can permit loading .gdbinit
> from GCC or Emacs build directory:
> 	--with-auto-load-safe-path=$ddir/auto-load:~/src/gcc:~/src/emacs
> 
> If you unify these two settings it will try to load scripts for
> arbitrary inferiors also from ~/src/gcc and from ~/src/emacs.  Which
> should be safe - as you declared these directories safe - but I find
> it a bit mess.  Not sure if it is simplification or complication.

Personally, I think it is a complication to have so many settings
that are paths, and I feel like the only way to get away with it is
to document exactly the sequence in which each of the setting is being
evaluated. But I don't have a strong opinion on this.

-- 
Joel

Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path

[Jan Kratochvil]

On Mon, 14 May 2012 16:49:50 +0200, Joel Brobecker wrote:
> Personally, I think it is a complication to have so many settings
> that are paths, and I feel like the only way to get away with it is
> to document exactly the sequence in which each of the setting is being
> evaluated. But I don't have a strong opinion on this.

I find most easy that:
(1) "set auto-load safe-path" is evaluated for any auto-loaded file.
(2) "set auto-load scripts-directory" is evaluted for auto-loaded scripts.

Besides scripts there exist also .gdbinit or libthread-db, more in the future.

One checks "set auto-load safe-path" to verify the path is secure.

One checks "set auto-load scripts-directory" if it does not load some script.

One re-checks "set auto-load safe-path" if GDB refuses to load some file.


Combining these two variables / meanings complicates it for my mind.

Just giving my point of view.  Sure I am terribly biased by implementing it.


Regards,
Jan

[commit] [patch] Cosmetic fix 'show auto-load safe-path' for ":"

[Jan Kratochvil]

On Fri, 11 May 2012 22:28:07 +0200, Jan Kratochvil wrote:
> gdb/
> 2012-05-11  Jan Kratochvil  <jan.kratochvil@redhat.com>
> 
> 	* auto-load.c (show_auto_load_safe_path): Accept any combination of
> 	DIRNAME_SEPARATOR and IS_DIR_SEPARATOR for wild-match.

Checked in:
	http://sourceware.org/ml/gdb-cvs/2012-05/msg00134.html

Documentation still does not recommend 'set auto-load safe-path :' as the way
to disable auto-loading security.


Regards,
Jan