From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 5403 invoked by alias); 17 Jan 2012 20:54:39 -0000 Received: (qmail 5390 invoked by uid 22791); 17 Jan 2012 20:54:37 -0000 X-SWARE-Spam-Status: No, hits=-6.7 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,TW_XZ,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 17 Jan 2012 20:54:20 +0000 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q0HKsIug023669 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 17 Jan 2012 15:54:18 -0500 Received: from [127.0.0.1] (ovpn01.gateway.prod.ext.phx2.redhat.com [10.5.9.1]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id q0HKsHWM004253; Tue, 17 Jan 2012 15:54:17 -0500 Message-ID: <4F15DFF8.8000707@redhat.com> Date: Tue, 17 Jan 2012 20:56:00 -0000 From: Pedro Alves User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111222 Thunderbird/9.0 MIME-Version: 1.0 To: Jan Kratochvil CC: Tom Tromey , Doug Evans , gdb-patches@sourceware.org Subject: Re: [patch] New set auto-load-local-gdbinit + disable it by default References: <20120117095552.GA6141@host2.jankratochvil.net> <20120117162621.GA3883@host2.jankratochvil.net> <20120117165640.GB5344@host2.jankratochvil.net> <20120117174839.GA8459@host2.jankratochvil.net> <4F15D856.7020505@redhat.com> <20120117203235.GA19481@host2.jankratochvil.net> In-Reply-To: <20120117203235.GA19481@host2.jankratochvil.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2012-01/txt/msg00649.txt.bz2 On 01/17/2012 08:32 PM, Jan Kratochvil wrote: > On Tue, 17 Jan 2012 21:21:42 +0100, Pedro Alves wrote: >> Having to request a safe mode with an extra flag is a flawed design, IMO. >> New, and non-aware-of-the-issues-implied (read, most) users, will just >> not know about it, and will therefore not use it. > > I agree with it. I am thinking about it for more days already. But I have > not found a way out. > > The problem is to differentiate these two cases: > (a) as regular user: > $ tar xzf foreign-crash.tar.gz; cd foreign-crash > $ gdb crashprog crashcore # *-gdb.py files lay here around > - You are 0wn3d! Make gdb warn about files that could be autoloaded, but don't load them: $ gdb crashprog crashcore # *-gdb.py files lay here around security warning: found possibly unsafe files that could be autoloaded foo-gdb.py bar-gdb.py Start gdb with the -superman option to load them automatically. *debug core as usual* (gdb) There's probably a better spelling for that option... System/package/distro .py files (printers, and stuff) would be trusted. The mechanism for that could be path list based. > (b) as regular user: > $ cd my/great/project; make > # gdb myprog-using-local-new-gdb.py-pretty-printers $ cd my/great/project; make # gdb -trustothers myprog-using-local-new-gdb.py-pretty-printers Or the equivalent in ~/.gdbinit -- trustothers-ness possibly enabled with python (checking for example, if the executable is under a /home/me/myprojects/ directory, or whatever other policy one prefers). If you forget to specify the flag, gdb will warn you about the files that could be loaded. The question is: is this too much inconvenience? I am willing to give it a try for a while. > > If we want to fix (a) by default we have to regress (b) in the default case. > > The second question would be which directories are safe and which are not but > that can be solved by some configuration variable and site-adjustable value. Yes, agreed. -- Pedro Alves