From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 15500 invoked by alias); 24 Jan 2012 00:28:23 -0000 Received: (qmail 15490 invoked by uid 22791); 24 Jan 2012 00:28:22 -0000 X-SWARE-Spam-Status: No, hits=-2.3 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from elasmtp-banded.atl.sa.earthlink.net (HELO elasmtp-banded.atl.sa.earthlink.net) (209.86.89.70) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 24 Jan 2012 00:28:09 +0000 Received: from [70.170.59.51] (helo=macbook2.local) by elasmtp-banded.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from ) id 1RpUF6-0004DR-Du for gdb-patches@sourceware.org; Mon, 23 Jan 2012 19:28:08 -0500 Message-ID: <4F1DFB12.6060009@earthlink.net> Date: Tue, 24 Jan 2012 00:33:00 -0000 From: Stan Shebs User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 MIME-Version: 1.0 To: gdb-patches@sourceware.org Subject: Re: [patch] New set auto-load-local-gdbinit + disable it by default References: <20120117095552.GA6141@host2.jankratochvil.net> In-Reply-To: <20120117095552.GA6141@host2.jankratochvil.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-ELNK-Trace: ae6f8838ff913eba0cc1426638a40ef67e972de0d01da9405f473c352ad6e65da58d8a2366c8c4e8350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2012-01/txt/msg00801.txt.bz2 On 1/17/12 1:55 AM, Jan Kratochvil wrote: > Hi, > > this is a patch I want to post for many years. There was: > [RFA] .gdbinit security (revived) [incl doc] > http://sourceware.org/ml/gdb-patches/2010-11/msg00276.html > which was a follow-up for its referenced: > RFC: Check permissions of .gdbinit files > http://sourceware.org/ml/gdb-patches/2005-05/msg00637.html > which was addressing: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1705 Sorry to come in late on this, but is this *really* an actual problem? From the tenor of the discussion, I get the impression of willingness to break longstanding development habits for most GNU folks in order to tick off a couple boxes on the security checklist. Before making any specific changes, I think it would be prudent to ping all the groups that have their own .gdbinit files; if they're OK with the changes, then great. Otherwise I think there will be a flood of complaints, and possibly people distributing versions of GDB with the change reverted, which would defeat the purpose. :-) I would imagine that the people who open tarballs from unknown sources and run GDB on the contents already know about -nx and -x, eh? Stan