From: Kevin Buettner <kevinb@redhat.com>
To: Andrew Burgess <aburgess@redhat.com>
Cc: gdb-patches@sourceware.org, Siddhesh Poyarekar <siddhesh@redhat.com>
Subject: Re: [RFC] Adding a SECURITY policy for GDB
Date: Mon, 6 Nov 2023 11:55:36 -0700 [thread overview]
Message-ID: <20231106115536.084239ef@f38-zws-nv> (raw)
In-Reply-To: <877cmvui64.fsf@redhat.com>
On Mon, 06 Nov 2023 13:26:27 +0000
Andrew Burgess <aburgess@redhat.com> wrote:
> I'd be interested to hear:
>
> * Do people feel I'm being too restrictive in what I consider a
> security issue? Are there any additional classes of bug that you
> would see as a security issue within GDB?
>
> * I've tried to highlight areas of GDB that might pose a risk if run
> in a non-secure setting, e.g. GDB run the inferior, so using GDB to
> debug unknown inferiors can allow arbitrary code execution, or that
> gdbserver on an open network would allow access to the machine
> running gdbserver. Are there any other areas of GDB for which we
> should list as being potentially dangerous if not run in a secure
> (sandboxed) environment?
Some crash detection/analysis tools use GDB in an automatic fashion to
provide diagnostics. I think it should be made clear that such tools
should use GDB in a sandboxed environment.
Kevin
next prev parent reply other threads:[~2023-11-06 18:56 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-06 13:26 Andrew Burgess
2023-11-06 18:55 ` Kevin Buettner [this message]
2023-11-06 19:34 ` Simon Marchi
2023-11-06 20:09 ` Siddhesh Poyarekar
2023-11-06 20:15 ` Simon Marchi
2023-11-07 12:17 ` Siddhesh Poyarekar
2023-11-07 14:22 ` Simon Marchi
2023-11-09 14:35 ` Willgerodt, Felix
2023-11-16 17:19 ` Andrew Burgess
2023-11-16 17:27 ` Paul Koning
2023-11-16 21:35 ` Siddhesh Poyarekar
2023-12-08 15:05 ` Andrew Burgess
2023-12-09 10:55 ` Eli Zaretskii
2024-02-04 15:32 ` Andrew Burgess
2024-02-04 17:18 ` Eli Zaretskii
2024-02-04 17:43 ` Andreas Schwab
2024-02-04 18:56 ` Eli Zaretskii
2024-02-05 11:06 ` Andrew Burgess
2023-12-12 7:27 ` Willgerodt, Felix
2024-02-04 15:36 ` [V3] " Andrew Burgess
2024-02-18 13:55 ` Andrew Burgess
2024-03-27 11:00 ` [V4] " Andrew Burgess
2024-04-08 11:01 ` [V5] " Andrew Burgess
2024-04-09 20:30 ` Tom Tromey
2024-04-10 10:22 ` Willgerodt, Felix
2024-04-26 15:44 ` Andrew Burgess
2024-02-05 21:01 ` Tom Tromey
2024-02-09 15:59 ` Andrew Burgess
2024-02-12 16:43 ` Guinevere Larsen
2024-02-12 17:06 ` Siddhesh Poyarekar
2024-02-14 15:03 ` Andrew Burgess
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231106115536.084239ef@f38-zws-nv \
--to=kevinb@redhat.com \
--cc=aburgess@redhat.com \
--cc=gdb-patches@sourceware.org \
--cc=siddhesh@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox