[patch] auto-load safe-path reset back by set ""

[patch] auto-load safe-path reset back by set ""

[Jan Kratochvil]

Hi,

from off-list discussion with Doug I have realized the current GDB practice
is that "set var" will reset it to the factory defaults:
	(gdb) set libthread-db-search-path a
	(gdb) show libthread-db-search-path 
	The current search path or libthread_db is "a".
	(gdb) set libthread-db-search-path 
	(gdb) show libthread-db-search-path 
	The current search path or libthread_db is "$sdir:$pdir".

A similar behavior can be seen for the "directory" command.

Doug's complaint was that "set auto-load safe-path" can be never reset back to
the GDB compilation settings.

Therefore before the auto-load feature gets in a more widespread use / release
proposing this change.

common:
	(gdb) show auto-load safe-path 
	List of directories from which it is safe to auto-load files is /usr/local.
	(gdb) set auto-load safe-path ~/src
	(gdb) show auto-load safe-path 
	List of directories from which it is safe to auto-load files is ~/src.
	(gdb) set auto-load safe-path
	(gdb) show auto-load safe-path 
before:
	Auto-load files are safe to load from any directory.
after:
	List of directories from which it is safe to auto-load files is /usr/local.
	(gdb) set auto-load safe-path /
	(gdb) show auto-load safe-path 
	Auto-load files are safe to load from any directory.

TBH I would rather change "set libthread-db-search-path" so that any "set VAR"
sets VAR to "" as I find it a bit confusing this way but I find it not worth
the trouble changing for established "set libthread-db-search-path" so why to
make "set auto-load safe-path" different.

No regressions on {x86_64,x86_64-m32,i686}-fedora17-linux-gnu.

I will check it in, I do not think there are going to be complaints making the
behavior more in the GDB style.


Thanks,
Jan


gdb/
2012-04-22  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* auto-load.c (set_auto_load_safe_path): Reset AUTO_LOAD_SAFE_PATH
	back to DEFAULT_AUTO_LOAD_SAFE_PATH if it is being set to "".
	(show_auto_load_safe_path): Check any-directory by comparison with "/".
	(add_auto_load_safe_path): Change the error message.
	(_initialize_auto_load): Change the "safe-path" help text.
	* configure: Regenerate
	* configure.ac (--without-auto-load-safe-path): Set
	WITH_AUTO_LOAD_SAFE_PATH to /.

gdb/doc/
2012-04-22  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* gdb.texinfo (Auto-loading safe path): Make 'directories'
	for 'set auto-load safe-path' optional.  Mention if it is omitted.
	Change disabling security protection condition to "/", twice.

diff --git a/gdb/auto-load.c b/gdb/auto-load.c
index 9d19179..9d4d0bc 100644
--- a/gdb/auto-load.c
+++ b/gdb/auto-load.c
@@ -181,6 +181,12 @@ auto_load_safe_path_vec_update (void)
 static void
 set_auto_load_safe_path (char *args, int from_tty, struct cmd_list_element *c)
 {
+  if (auto_load_safe_path[0] == '\0')
+    {
+      xfree (auto_load_safe_path);
+      auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH);
+    }
+
   auto_load_safe_path_vec_update ();
 }
 
@@ -190,7 +196,7 @@ static void
 show_auto_load_safe_path (struct ui_file *file, int from_tty,
 			  struct cmd_list_element *c, const char *value)
 {
-  if (*value == 0)
+  if (strcmp (value, "/") == 0)
     fprintf_filtered (file, _("Auto-load files are safe to load from any "
 			      "directory.\n"));
   else
@@ -209,8 +215,9 @@ add_auto_load_safe_path (char *args, int from_tty)
 
   if (args == NULL || *args == 0)
     error (_("\
-Adding empty directory element disables the auto-load safe-path security.  \
-Use 'set auto-load safe-path' instead if you mean that."));
+Directory argument required.\n\
+Use 'set auto-load safe-path /' for disabling the auto-load safe-path security.\
+"));
 
   s = xstrprintf ("%s%c%s", auto_load_safe_path, DIRNAME_SEPARATOR, args);
   xfree (auto_load_safe_path);
@@ -1023,8 +1036,10 @@ Set the list of directories from which it is safe to auto-load files."), _("\
 Show the list of directories from which it is safe to auto-load files."), _("\
 Various files loaded automatically for the 'set auto-load ...' options must\n\
 be located in one of the directories listed by this option.  Warning will be\n\
-printed and file will not be used otherwise.  Use empty string (or even\n\
-empty directory entry) to allow any file for the 'set auto-load ...' options.\n\
+printed and file will not be used otherwise.\n\
+Setting this parameter to an empty list resets it to its default value.\n\
+Setting this parameter to '/' (without the quotes) allows any file\n\
+for the 'set auto-load ...' options.\n\
 This option is ignored for the kinds of files having 'set auto-load ... off'.\n\
 This options has security implications for untrusted inferiors."),
 				     set_auto_load_safe_path,
diff --git a/gdb/configure b/gdb/configure
index 54c2399..42d2fbd 100755
--- a/gdb/configure
+++ b/gdb/configure
@@ -4949,7 +4949,7 @@ $as_echo_n "checking for default auto-load safe-path... " >&6; }
 # Check whether --with-auto-load-safe-path was given.
 if test "${with_auto_load_safe_path+set}" = set; then :
   withval=$with_auto_load_safe_path; if test "$with_auto_load_safe_path" = "no"; then
-   with_auto_load_safe_path=""
+   with_auto_load_safe_path="/"
  fi
 else
   with_auto_load_safe_path="$prefix"
diff --git a/gdb/configure.ac b/gdb/configure.ac
index a40c2e5..9bde18f 100644
--- a/gdb/configure.ac
+++ b/gdb/configure.ac
@@ -140,7 +140,7 @@ AC_ARG_WITH(auto-load-safe-path,
 AS_HELP_STRING([--with-auto-load-safe-path=PATH], [directories safe to hold auto-loaded files])
 AS_HELP_STRING([--without-auto-load-safe-path], [do not restrict auto-loaded files locations]),
 [if test "$with_auto_load_safe_path" = "no"; then
-   with_auto_load_safe_path=""
+   with_auto_load_safe_path="/"
  fi],
 [with_auto_load_safe_path="$prefix"])
 AC_DEFINE_DIR(DEFAULT_AUTO_LOAD_SAFE_PATH, with_auto_load_safe_path,
diff --git a/gdb/doc/gdb.texinfo b/gdb/doc/gdb.texinfo
index e8be746..6d9f0c0 100644
--- a/gdb/doc/gdb.texinfo
+++ b/gdb/doc/gdb.texinfo
@@ -21105,9 +21105,12 @@ The list of trusted directories is controlled by the following commands:
 @table @code
 @anchor{set auto-load safe-path}
 @kindex set auto-load safe-path
-@item set auto-load safe-path @var{directories}
+@item set auto-load safe-path [@var{directories}]
 Set the list of directories (and their subdirectories) trusted for automatic
 loading and execution of scripts.  You can also enter a specific trusted file.
+If you omit @var{directories}, @samp{auto-load safe-path} will be reset to
+its default value as specified during @value{GDBN} compilation.
+
 The list of directories uses directory separator (@samp{:} on GNU and Unix
 systems, @samp{;} on MS-Windows and MS-DOS) to separate directories, similarly
 to the @env{PATH} environment variable.
@@ -21126,7 +21129,8 @@ loading and execution of scripts.  Multiple entries may be delimited by the
 host platform directory separator in use.
 @end table
 
-Setting this variable to an empty string disables this security protection.
+Setting this variable to @code{"/"} (without the quotes) disables this security
+protection.
 This variable is supposed to be set to the system directories writable by the
 system superuser only.  Users can add their source directories in init files in
 their home directories (@pxref{Home Directory Init File}).  See also deprecated
@@ -21146,7 +21150,7 @@ by @samp{show auto-load safe-path} (such as @samp{/usr:/bin} in this example).
 Specify this directory as in the previous case but just for a single
 @value{GDBN} session.
 
-@item @kbd{gdb -iex "set auto-load safe-path" [@dots{}]}
+@item @kbd{gdb -iex "set auto-load safe-path /" [@dots{}]}
 Disable auto-loading safety for a single @value{GDBN} session.
 This assumes all the files you debug during this @value{GDBN} session will come
 from trusted sources.

Re: [patch] auto-load safe-path reset back by set ""

[Eli Zaretskii]

> Date: Sun, 22 Apr 2012 18:51:28 +0200
> From: Jan Kratochvil <jan.kratochvil@redhat.com>
> Cc: Doug Evans <dje@google.com>
> 
> +@item set auto-load safe-path [@var{directories}]

You need @r{} around [ and ].

> +Setting this variable to @code{"/"} (without the quotes) disables this security
                            ^^^^^^^^^^
Why not @file{/}?  The quotes are not needed in any case.

> +@item @kbd{gdb -iex "set auto-load safe-path /" [@dots{}]}

I'd lose the [ and ] part -- you don't need them.

OK with those changes.

Thanks.

Re: [patch] auto-load safe-path reset back by set ""

[Doug Evans]

On Sun, Apr 22, 2012 at 9:51 AM, Jan Kratochvil
<jan.kratochvil@redhat.com> wrote:
> Hi,
>
> from off-list discussion with Doug I have realized the current GDB practice
> is that "set var" will reset it to the factory defaults:
>        (gdb) set libthread-db-search-path a
>        (gdb) show libthread-db-search-path
>        The current search path or libthread_db is "a".
>        (gdb) set libthread-db-search-path
>        (gdb) show libthread-db-search-path
>        The current search path or libthread_db is "$sdir:$pdir".
>
> A similar behavior can be seen for the "directory" command.
>
> Doug's complaint was that "set auto-load safe-path" can be never reset back to
> the GDB compilation settings.

A thought occurred to me regarding the default value of auto-load-path
= ${prefix}.
For a typical value of /usr, it doesn't give as much protection as it could.
E.g. /usr/tmp, /usr/local/tmp (or possibly anything in /usr/local).

So I was wondering if we really want security to be on by default,
should the default value be gdb's data-directory (e.g.,
$prefix/share/gdb) + $exec_prefix/lib{,32,64} + ???

Plus, it seems like at least data-directory should be relocatable.
Implementing this might be cumbersome unless data-directory was
represented as something like "$ddir".  Or maybe represent $prefix as
$pdir, etc..  There is precedent.  Whether to apply that here - I'm
just raising the issue, I'm not sure myself.

Re: [patch] auto-load safe-path reset back by set ""

[Jan Kratochvil]

On Sun, 22 Apr 2012 23:26:16 +0200, Doug Evans wrote:
> A thought occurred to me regarding the default value of auto-load-path
> = ${prefix}.
> For a typical value of /usr, it doesn't give as much protection as it could.
> E.g. /usr/tmp, /usr/local/tmp

I never noticed /usr/tmp, this is a real problem.


> (or possibly anything in /usr/local).

This should not be a problem, /usr/local has superuser-only write permissions.


> So I was wondering if we really want security to be on by default,

I do not think it is so important for custom GDB builds and neither for
Fedora/RHEL when I can set it up properly but I have some doubts distros in
general will set it at all if the default will remain insecure.


> should the default value be gdb's data-directory (e.g.,
> $prefix/share/gdb) + $exec_prefix/lib{,32,64} + ???

I was thinkink about making the default '$prefix:-$prefix/tmp' (sure with
a new GDB feature to remove safety from sub-trees by '-').

But you are right $prefix/share/gdb may be enough as packages use / should use
$prefix/share/gdb/auto-load/ for their *-gdb.py hooks.  In such case I do not
know why to add also that $exec_prefix/lib{,32,64} + ???.


> Plus, it seems like at least data-directory should be relocatable.
> Implementing this might be cumbersome unless data-directory was
> represented as something like "$ddir".  Or maybe represent $prefix as
> $pdir, etc..  There is precedent.  Whether to apply that here - I'm
> just raising the issue, I'm not sure myself.

$pdir from libthread-db-search-path is different, it should not be overloaded
to a different meaning here.  But $ddir for data-directory looks correct to
me.


Thanks,
Jan

[doc commit#2] auto-load: Remove trailing @dots [Re: [patch] auto-load safe-path reset back by set ""]

[Jan Kratochvil]

On Mon, 23 Apr 2012 19:24:14 +0200, Jan Kratochvil wrote:
> Going to fix it up.


Sorry for double-commit,
Jan


http://sourceware.org/ml/gdb-cvs/2012-04/msg00184.html

--- src/gdb/doc/ChangeLog	2012/04/23 17:20:56	1.1300
+++ src/gdb/doc/ChangeLog	2012/04/23 17:26:00	1.1301
@@ -3,6 +3,9 @@
 	* gdb.texinfo (Auto-loading safe path): Remove trailing [@dots{}].
 	Three times.
 
+	* gdb.texinfo (Auto-loading safe path): Add trailing @dots{}.
+	Three times.
+
 2012-04-22  Jan Kratochvil  <jan.kratochvil@redhat.com>
 
 	* gdb.texinfo (Auto-loading safe path): Replace @itemize @bullet
--- src/gdb/doc/gdb.texinfo	2012/04/23 17:20:56	1.947
+++ src/gdb/doc/gdb.texinfo	2012/04/23 17:26:01	1.948
@@ -21142,11 +21142,11 @@
 You have to specify also any existing directories displayed by
 by @samp{show auto-load safe-path} (such as @samp{/usr:/bin} in this example).
 
-@item @kbd{gdb -iex "set auto-load safe-path /usr:/bin:~/src/gdb"}
+@item @kbd{gdb -iex "set auto-load safe-path /usr:/bin:~/src/gdb" @dots{}}
 Specify this directory as in the previous case but just for a single
 @value{GDBN} session.
 
-@item @kbd{gdb -iex "set auto-load safe-path"}
+@item @kbd{gdb -iex "set auto-load safe-path" @dots{}}
 Disable auto-loading safety for a single @value{GDBN} session.
 This assumes all the files you debug during this @value{GDBN} session will come
 from trusted sources.
@@ -21161,7 +21161,7 @@
 also suppresses any such warning messages:
 
 @table @asis
-@item @kbd{gdb -iex "set auto-load no"}
+@item @kbd{gdb -iex "set auto-load no" @dots{}}
 You can use @value{GDBN} command-line option for a single @value{GDBN} session.
 
 @item @file{~/.gdbinit}: @samp{set auto-load no}

[doc commit] auto-load: Remove trailing @dots [Re: [patch] auto-load safe-path reset back by set ""]

[Jan Kratochvil]

On Sun, 22 Apr 2012 22:16:32 +0200, Eli Zaretskii wrote:
> > +@item @kbd{gdb -iex "set auto-load safe-path /" [@dots{}]}
> 
> I'd lose the [ and ] part -- you don't need them.

I committed it as obvious but I see you probably meant

@item @kbd{gdb -iex "set auto-load safe-path /" @dots{}}

while I committed

@item @kbd{gdb -iex "set auto-load safe-path /"}

Going to fix it up.


Sorry for double-commit,
Jan


http://sourceware.org/ml/gdb-cvs/2012-04/msg00183.html

--- src/gdb/doc/ChangeLog	2012/04/22 15:49:21	1.1299
+++ src/gdb/doc/ChangeLog	2012/04/23 17:20:56	1.1300
@@ -1,3 +1,8 @@
+2012-04-23  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	* gdb.texinfo (Auto-loading safe path): Remove trailing [@dots{}].
+	Three times.
+
 2012-04-22  Jan Kratochvil  <jan.kratochvil@redhat.com>
 
 	* gdb.texinfo (Auto-loading safe path): Replace @itemize @bullet
--- src/gdb/doc/gdb.texinfo	2012/04/22 15:49:21	1.946
+++ src/gdb/doc/gdb.texinfo	2012/04/23 17:20:56	1.947
@@ -21142,11 +21142,11 @@
 You have to specify also any existing directories displayed by
 by @samp{show auto-load safe-path} (such as @samp{/usr:/bin} in this example).
 
-@item @kbd{gdb -iex "set auto-load safe-path /usr:/bin:~/src/gdb" [@dots{}]}
+@item @kbd{gdb -iex "set auto-load safe-path /usr:/bin:~/src/gdb"}
 Specify this directory as in the previous case but just for a single
 @value{GDBN} session.
 
-@item @kbd{gdb -iex "set auto-load safe-path" [@dots{}]}
+@item @kbd{gdb -iex "set auto-load safe-path"}
 Disable auto-loading safety for a single @value{GDBN} session.
 This assumes all the files you debug during this @value{GDBN} session will come
 from trusted sources.
@@ -21161,7 +21161,7 @@
 also suppresses any such warning messages:
 
 @table @asis
-@item @kbd{gdb -iex "set auto-load no" [@dots{}]}
+@item @kbd{gdb -iex "set auto-load no"}
 You can use @value{GDBN} command-line option for a single @value{GDBN} session.
 
 @item @file{~/.gdbinit}: @samp{set auto-load no}

Re: [patch] auto-load safe-path reset back by set ""

[Jan Kratochvil]

On Sun, 22 Apr 2012 22:16:32 +0200, Eli Zaretskii wrote:
> > +@item set auto-load safe-path [@var{directories}]
> 
> You need @r{} around [ and ].
> 
> > +Setting this variable to @code{"/"} (without the quotes) disables this security
>                             ^^^^^^^^^^
> Why not @file{/}?  The quotes are not needed in any case.

done.


In fact this patch is unrelated to the Doug's suggestion, reposting it only
with the doc update.


Thanks,
Jan


gdb/
2012-04-23  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* auto-load.c (set_auto_load_safe_path): Reset AUTO_LOAD_SAFE_PATH
	back to DEFAULT_AUTO_LOAD_SAFE_PATH if it is being set to "".
	(show_auto_load_safe_path): Check any-directory by comparison with "/".
	(add_auto_load_safe_path): Change the error message.
	(_initialize_auto_load): Change the "safe-path" help text.
	* configure: Regenerate
	* configure.ac (--without-auto-load-safe-path): Set
	WITH_AUTO_LOAD_SAFE_PATH to /.

gdb/doc/
2012-04-23  Jan Kratochvil  <jan.kratochvil@redhat.com>

	* gdb.texinfo (Auto-loading safe path): Make 'directories'
	for 'set auto-load safe-path' optional.  Mention if it is omitted.
	Change disabling security protection condition to "/", twice.

diff --git a/gdb/auto-load.c b/gdb/auto-load.c
index 9d19179..6c1309f 100644
--- a/gdb/auto-load.c
+++ b/gdb/auto-load.c
@@ -181,6 +181,12 @@ auto_load_safe_path_vec_update (void)
 static void
 set_auto_load_safe_path (char *args, int from_tty, struct cmd_list_element *c)
 {
+  if (auto_load_safe_path[0] == '\0')
+    {
+      xfree (auto_load_safe_path);
+      auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH);
+    }
+
   auto_load_safe_path_vec_update ();
 }
 
@@ -190,7 +196,7 @@ static void
 show_auto_load_safe_path (struct ui_file *file, int from_tty,
 			  struct cmd_list_element *c, const char *value)
 {
-  if (*value == 0)
+  if (strcmp (value, "/") == 0)
     fprintf_filtered (file, _("Auto-load files are safe to load from any "
 			      "directory.\n"));
   else
@@ -209,8 +215,9 @@ add_auto_load_safe_path (char *args, int from_tty)
 
   if (args == NULL || *args == 0)
     error (_("\
-Adding empty directory element disables the auto-load safe-path security.  \
-Use 'set auto-load safe-path' instead if you mean that."));
+Directory argument required.\n\
+Use 'set auto-load safe-path /' for disabling the auto-load safe-path security.\
+"));
 
   s = xstrprintf ("%s%c%s", auto_load_safe_path, DIRNAME_SEPARATOR, args);
   xfree (auto_load_safe_path);
@@ -1023,8 +1030,10 @@ Set the list of directories from which it is safe to auto-load files."), _("\
 Show the list of directories from which it is safe to auto-load files."), _("\
 Various files loaded automatically for the 'set auto-load ...' options must\n\
 be located in one of the directories listed by this option.  Warning will be\n\
-printed and file will not be used otherwise.  Use empty string (or even\n\
-empty directory entry) to allow any file for the 'set auto-load ...' options.\n\
+printed and file will not be used otherwise.\n\
+Setting this parameter to an empty list resets it to its default value.\n\
+Setting this parameter to '/' (without the quotes) allows any file\n\
+for the 'set auto-load ...' options.\n\
 This option is ignored for the kinds of files having 'set auto-load ... off'.\n\
 This options has security implications for untrusted inferiors."),
 				     set_auto_load_safe_path,
diff --git a/gdb/configure b/gdb/configure
index 54c2399..42d2fbd 100755
--- a/gdb/configure
+++ b/gdb/configure
@@ -4949,7 +4949,7 @@ $as_echo_n "checking for default auto-load safe-path... " >&6; }
 # Check whether --with-auto-load-safe-path was given.
 if test "${with_auto_load_safe_path+set}" = set; then :
   withval=$with_auto_load_safe_path; if test "$with_auto_load_safe_path" = "no"; then
-   with_auto_load_safe_path=""
+   with_auto_load_safe_path="/"
  fi
 else
   with_auto_load_safe_path="$prefix"
diff --git a/gdb/configure.ac b/gdb/configure.ac
index a40c2e5..9bde18f 100644
--- a/gdb/configure.ac
+++ b/gdb/configure.ac
@@ -140,7 +140,7 @@ AC_ARG_WITH(auto-load-safe-path,
 AS_HELP_STRING([--with-auto-load-safe-path=PATH], [directories safe to hold auto-loaded files])
 AS_HELP_STRING([--without-auto-load-safe-path], [do not restrict auto-loaded files locations]),
 [if test "$with_auto_load_safe_path" = "no"; then
-   with_auto_load_safe_path=""
+   with_auto_load_safe_path="/"
  fi],
 [with_auto_load_safe_path="$prefix"])
 AC_DEFINE_DIR(DEFAULT_AUTO_LOAD_SAFE_PATH, with_auto_load_safe_path,
diff --git a/gdb/doc/gdb.texinfo b/gdb/doc/gdb.texinfo
index a2a4eb3..46dde27 100644
--- a/gdb/doc/gdb.texinfo
+++ b/gdb/doc/gdb.texinfo
@@ -21105,9 +21105,12 @@ The list of trusted directories is controlled by the following commands:
 @table @code
 @anchor{set auto-load safe-path}
 @kindex set auto-load safe-path
-@item set auto-load safe-path @var{directories}
+@item set auto-load safe-path @r{[}@var{directories}@r{]}
 Set the list of directories (and their subdirectories) trusted for automatic
 loading and execution of scripts.  You can also enter a specific trusted file.
+If you omit @var{directories}, @samp{auto-load safe-path} will be reset to
+its default value as specified during @value{GDBN} compilation.
+
 The list of directories uses directory separator (@samp{:} on GNU and Unix
 systems, @samp{;} on MS-Windows and MS-DOS) to separate directories, similarly
 to the @env{PATH} environment variable.
@@ -21126,7 +21129,8 @@ loading and execution of scripts.  Multiple entries may be delimited by the
 host platform directory separator in use.
 @end table
 
-Setting this variable to an empty string disables this security protection.
+Setting this variable to @file{/} (without the quotes) disables this security
+protection.
 This variable is supposed to be set to the system directories writable by the
 system superuser only.  Users can add their source directories in init files in
 their home directories (@pxref{Home Directory Init File}).  See also deprecated
@@ -21146,7 +21150,7 @@ by @samp{show auto-load safe-path} (such as @samp{/usr:/bin} in this example).
 Specify this directory as in the previous case but just for a single
 @value{GDBN} session.
 
-@item @kbd{gdb -iex "set auto-load safe-path" @dots{}}
+@item @kbd{gdb -iex "set auto-load safe-path /" @dots{}}
 Disable auto-loading safety for a single @value{GDBN} session.
 This assumes all the files you debug during this @value{GDBN} session will come
 from trusted sources.

[patch] auto-load safe-path default=$ddir/auto-load [Re: [patch] auto-load safe-path reset back by set ""]

[Jan Kratochvil]

On Sun, 22 Apr 2012 23:26:16 +0200, Doug Evans wrote:
> A thought occurred to me regarding the default value of auto-load-path
> = ${prefix}.

This is unrelated to this patch but thanks for the suggestion.


> So I was wondering if we really want security to be on by default,
> should the default value be gdb's data-directory (e.g.,
> $prefix/share/gdb) + $exec_prefix/lib{,32,64} + ???

Made it therefore $ddir/auto-load, on an ideal system/distro we can change all
the auto-loaded GDB files to be located under $ddir/auto-load.  I have filed
for the only remaining violation (/usr/bin/mono-gdb.py) known to me:
	https://bugzilla.redhat.com/show_bug.cgi?id=815501
	(Sure I will ask about upstreaming of the change.)


> Plus, it seems like at least data-directory should be relocatable.
> Implementing this might be cumbersome unless data-directory was
> represented as something like "$ddir".

Done.  Unfortunately this still does not fix the "./gdb" run for a newly built
GDB.  Newly built GDB probably could use "-data-directory $PWD/data-directory"
(if GDB's program dir contains "data-directory" sort of relocation).
We could then change current
	gdb-gdb.gdb.in -> gdb-gdb.gdb
to
	gdb-gdb.gdb.in -> data-directory/auto-load/$PWD/gdb-gdb.gdb
and even install the file (with proper installation directories) as:
	/usr/share/gdb/usr/bin/gdb-gdb.gdb
	(additionally ensuring for example in Fedora - in its .spec file
	@srcdir@ gets substituted right for Fedora *-debuginfo.rpm)

Would it make everyone happy?


Thanks,
Jan


gdb/
2012-04-23  Jan Kratochvil  <jan.kratochvil@redhat.com>

	Change auto-load safe-path default to $ddir/auto-load.
	* auto-load.c (auto_load_safe_path_vec_update): Call
	substitute_path_component for $ddir.
	* configure: Regenerate.
	* configure.ac (--with-auto-load-safe-path): Suggest $ddir syntax.
	Change the default to \\\$ddir/auto-load.
	* defs.h (substitute_path_component): New declaration.
	* utils.c (substitute_path_component): New function.

gdb/doc/
2012-04-23  Jan Kratochvil  <jan.kratochvil@redhat.com>

	Change auto-load safe-path default to $ddir/auto-load.
	* gdb.texinfo (Auto-loading): Change shown safe-path default to
	$ddir/auto-load.
	(Auto-loading safe path): Change the sample warning to $ddir/auto-load.
	Twice.  Mention the $ddir substitution.

diff --git a/gdb/auto-load.c b/gdb/auto-load.c
index 9d19179..81d48ee 100644
--- a/gdb/auto-load.c
+++ b/gdb/auto-load.c
@@ -141,8 +141,12 @@ auto_load_safe_path_vec_update (void)
   for (ix = 0; ix < len; ix++)
     {
       char *dir = VEC_index (char_ptr, auto_load_safe_path_vec, ix);
-      char *expanded = tilde_expand (dir);
-      char *real_path = gdb_realpath (expanded);
+      char *expanded, *real_path;
+
+      expanded = tilde_expand (dir);
+      substitute_path_component (&expanded, "$ddir", gdb_datadir);
+
+      real_path = gdb_realpath (expanded);
 
       /* Ensure the current entry is at least tilde_expand-ed.  */
       VEC_replace (char_ptr, auto_load_safe_path_vec, ix, expanded);
diff --git a/gdb/configure b/gdb/configure
index 54c2399..e0f2d64 100755
--- a/gdb/configure
+++ b/gdb/configure
@@ -1481,7 +1481,8 @@ Optional Packages:
   --with-relocated-sources=PATH
                           automatically relocate this path for source files
   --with-auto-load-safe-path=PATH
-                          directories safe to hold auto-loaded files
+                          directories safe to hold auto-loaded files, use
+                          '\\\$ddir' for -data-directory
   --without-auto-load-safe-path
                           do not restrict auto-loaded files locations
   --with-libunwind-ia64   use libunwind frame unwinding for ia64 targets
@@ -4952,7 +4953,7 @@ if test "${with_auto_load_safe_path+set}" = set; then :
    with_auto_load_safe_path=""
  fi
 else
-  with_auto_load_safe_path="$prefix"
+  with_auto_load_safe_path='\\\$ddir/auto-load'
 fi
 
 
diff --git a/gdb/configure.ac b/gdb/configure.ac
index a40c2e5..a80cfcd 100644
--- a/gdb/configure.ac
+++ b/gdb/configure.ac
@@ -137,12 +137,13 @@ AS_HELP_STRING([--with-relocated-sources=PATH], [automatically relocate this pat
 
 AC_MSG_CHECKING([for default auto-load safe-path])
 AC_ARG_WITH(auto-load-safe-path,
-AS_HELP_STRING([--with-auto-load-safe-path=PATH], [directories safe to hold auto-loaded files])
+AS_HELP_STRING([--with-auto-load-safe-path=PATH],
+  [directories safe to hold auto-loaded files, use '\\\$ddir' for -data-directory])
 AS_HELP_STRING([--without-auto-load-safe-path], [do not restrict auto-loaded files locations]),
 [if test "$with_auto_load_safe_path" = "no"; then
    with_auto_load_safe_path=""
  fi],
-[with_auto_load_safe_path="$prefix"])
+[with_auto_load_safe_path='\\\$ddir/auto-load'])
 AC_DEFINE_DIR(DEFAULT_AUTO_LOAD_SAFE_PATH, with_auto_load_safe_path,
 	      [Directories safe to hold auto-loaded files.])
 AC_MSG_RESULT([$with_auto_load_safe_path])
diff --git a/gdb/defs.h b/gdb/defs.h
index f7156cb..caff109 100644
--- a/gdb/defs.h
+++ b/gdb/defs.h
@@ -380,6 +380,9 @@ extern struct cleanup *make_bpstat_clear_actions_cleanup (void);
 
 extern int producer_is_gcc_ge_4 (const char *producer);
 
+extern void substitute_path_component (char **stringp, const char *from,
+				       const char *to);
+
 #ifdef HAVE_WAITPID
 extern pid_t wait_to_die_with_timeout (pid_t pid, int *status, int timeout);
 #endif
diff --git a/gdb/doc/gdb.texinfo b/gdb/doc/gdb.texinfo
index a2a4eb3..a3873fb 100644
--- a/gdb/doc/gdb.texinfo
+++ b/gdb/doc/gdb.texinfo
@@ -20893,7 +20893,7 @@ libthread-db:  Auto-loading of inferior specific libthread_db is on.
 local-gdbinit:  Auto-loading of .gdbinit script from current directory is on.
 python-scripts:  Auto-loading of Python scripts is on.
 safe-path:  List of directories from which it is safe to auto-load files
-            is /usr/local.
+            is $ddir/auto-load.
 @end smallexample
 
 @anchor{info auto-load}
@@ -21095,9 +21095,9 @@ get loaded:
 $ ./gdb -q ./gdb
 Reading symbols from /home/user/gdb/gdb...done.
 warning: File "/home/user/gdb/gdb-gdb.gdb" auto-loading has been
-         declined by your `auto-load safe-path' set to "/usr/local".
+         declined by your `auto-load safe-path' set to "$ddir/auto-load".
 warning: File "/home/user/gdb/gdb-gdb.py" auto-loading has been
-         declined by your `auto-load safe-path' set to "/usr/local".
+         declined by your `auto-load safe-path' set to "$ddir/auto-load".
 @end smallexample
 
 The list of trusted directories is controlled by the following commands:
@@ -21126,6 +21126,11 @@ loading and execution of scripts.  Multiple entries may be delimited by the
 host platform directory separator in use.
 @end table
 
+Any used string @file{$ddir} will get replaced by @var{data-directory} which is
+determined at @value{GDBN} startup (@pxref{Data Files}).  @file{$ddir} must be
+be placed as a directory component - either alone or delimited by @file{/} or
+@file{\} directory separators, depending on the host platform.
+
 Setting this variable to an empty string disables this security protection.
 This variable is supposed to be set to the system directories writable by the
 system superuser only.  Users can add their source directories in init files in
diff --git a/gdb/utils.c b/gdb/utils.c
index b70edd8..15956b7 100644
--- a/gdb/utils.c
+++ b/gdb/utils.c
@@ -3724,6 +3724,48 @@ dirnames_to_char_ptr_vec (const char *dirnames)
   return retval;
 }
 
+/* Substitute all occurences of string FROM by string TO in *STRINGP.  *STRINGP
+   must come from xrealloc-compatible allocator and it may be updated.  FROM
+   needs to be delimited by IS_DIR_SEPARATOR (or be located at the start or
+   end of *STRINGP.  */
+
+void
+substitute_path_component (char **stringp, const char *from, const char *to)
+{
+  char *string = *stringp, *s;
+  const size_t from_len = strlen (from);
+  const size_t to_len = strlen (to);
+
+  for (s = string;;)
+    {
+      s = strstr (s, from);
+      if (s == NULL)
+	break;
+
+      if ((s == string || IS_DIR_SEPARATOR (s[-1]))
+          && (s[from_len] == '\0' || IS_DIR_SEPARATOR (s[from_len])))
+	{
+	  char *string_new;
+
+	  string_new = xrealloc (string, (strlen (string) + to_len + 1));
+
+	  /* Relocate the current S pointer.  */
+	  s = s - string + string_new;
+	  string = string_new;
+
+	  /* Replace from by to.  */
+	  memmove (&s[to_len], &s[from_len], strlen (&s[from_len]) + 1);
+	  memcpy (s, to, to_len);
+
+	  s += to_len;
+	}
+      else
+	s++;
+    }
+
+  *stringp = string;
+}
+
 #ifdef HAVE_WAITPID
 
 #ifdef SIGALRM

Re: [patch] auto-load safe-path reset back by set ""

[Eli Zaretskii]

> Date: Tue, 24 Apr 2012 00:45:57 +0200
> From: Jan Kratochvil <jan.kratochvil@redhat.com>
> Cc: gdb-patches@sourceware.org, dje@google.com
> 
> > > +Setting this variable to @code{"/"} (without the quotes) disables this security
> >                             ^^^^^^^^^^
> > Why not @file{/}?  The quotes are not needed in any case.
> 
> done.

But please also nuke the (now incorrect) phrase in parentheses:

> +Setting this variable to @file{/} (without the quotes) disables this security
> +protection.                       ^^^^^^^^^^^^^^^^^^^^

There are no quotes.

Re: [patch] auto-load safe-path reset back by set ""

[Jan Kratochvil]

On Tue, 24 Apr 2012 04:49:28 +0200, Eli Zaretskii wrote:
> But please also nuke the (now incorrect) phrase in parentheses:
> 
> > +Setting this variable to @file{/} (without the quotes) disables this security
> > +protection.                       ^^^^^^^^^^^^^^^^^^^^
> 
> There are no quotes.

OK, I will remove it; but I have seen:
info:
	Setting this variable to `/' (without the quotes) disables this
PDF:
	Setting this variable to ‘/’ (without the quotes) disables this

Although now I see it is not everywhere:
HTML:
	Setting this variable to / (without the quotes) disables this security


Thanks,
Jan

[commit] [patch] auto-load safe-path reset back by set ""

[Jan Kratochvil]

Hi,

checked it in, there is some patch dependency and there were no more comments.


Thanks,
Jan


http://sourceware.org/ml/gdb-cvs/2012-05/msg00038.html

--- src/gdb/ChangeLog	2012/05/05 05:36:23	1.14211
+++ src/gdb/ChangeLog	2012/05/06 15:30:59	1.14212
@@ -1,3 +1,14 @@
+2012-05-06  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	* auto-load.c (set_auto_load_safe_path): Reset AUTO_LOAD_SAFE_PATH
+	back to DEFAULT_AUTO_LOAD_SAFE_PATH if it is being set to "".
+	(show_auto_load_safe_path): Check any-directory by comparison with "/".
+	(add_auto_load_safe_path): Change the error message.
+	(_initialize_auto_load): Change the "safe-path" help text.
+	* configure: Regenerate
+	* configure.ac (--without-auto-load-safe-path): Set
+	WITH_AUTO_LOAD_SAFE_PATH to /.
+
 2012-05-05  Sergio Durigan Junior  <sergiodj@redhat.com>
 
 	* stap-probe.h: Do not include unecessary `probe.h'.
--- src/gdb/doc/ChangeLog	2012/05/03 07:07:24	1.1308
+++ src/gdb/doc/ChangeLog	2012/05/06 15:31:04	1.1309
@@ -1,3 +1,9 @@
+2012-05-06  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	* gdb.texinfo (Auto-loading safe path): Make 'directories'
+	for 'set auto-load safe-path' optional.  Mention if it is omitted.
+	Change disabling security protection condition to "/", twice.
+
 2012-05-03  Siva Chandra Reddy  <sivachandra@google.com>
 
 	* gdb.texinfo (Symbol Tables In Python): Add documentation about
--- src/gdb/auto-load.c	2012/05/02 20:00:36	1.5
+++ src/gdb/auto-load.c	2012/05/06 15:31:02	1.6
@@ -181,6 +181,12 @@
 static void
 set_auto_load_safe_path (char *args, int from_tty, struct cmd_list_element *c)
 {
+  if (auto_load_safe_path[0] == '\0')
+    {
+      xfree (auto_load_safe_path);
+      auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH);
+    }
+
   auto_load_safe_path_vec_update ();
 }
 
@@ -190,7 +196,7 @@
 show_auto_load_safe_path (struct ui_file *file, int from_tty,
 			  struct cmd_list_element *c, const char *value)
 {
-  if (*value == 0)
+  if (strcmp (value, "/") == 0)
     fprintf_filtered (file, _("Auto-load files are safe to load from any "
 			      "directory.\n"));
   else
@@ -209,8 +215,9 @@
 
   if (args == NULL || *args == 0)
     error (_("\
-Adding empty directory element disables the auto-load safe-path security.  \
-Use 'set auto-load safe-path' instead if you mean that."));
+Directory argument required.\n\
+Use 'set auto-load safe-path /' for disabling the auto-load safe-path security.\
+"));
 
   s = xstrprintf ("%s%c%s", auto_load_safe_path, DIRNAME_SEPARATOR, args);
   xfree (auto_load_safe_path);
@@ -1029,8 +1036,10 @@
 Show the list of directories from which it is safe to auto-load files."), _("\
 Various files loaded automatically for the 'set auto-load ...' options must\n\
 be located in one of the directories listed by this option.  Warning will be\n\
-printed and file will not be used otherwise.  Use empty string (or even\n\
-empty directory entry) to allow any file for the 'set auto-load ...' options.\n\
+printed and file will not be used otherwise.\n\
+Setting this parameter to an empty list resets it to its default value.\n\
+Setting this parameter to '/' (without the quotes) allows any file\n\
+for the 'set auto-load ...' options.\n\
 This option is ignored for the kinds of files having 'set auto-load ... off'.\n\
 This options has security implications for untrusted inferiors."),
 				     set_auto_load_safe_path,
--- src/gdb/configure	2012/04/27 20:47:52	1.360
+++ src/gdb/configure	2012/05/06 15:31:02	1.361
@@ -4964,7 +4964,7 @@
 # Check whether --with-auto-load-safe-path was given.
 if test "${with_auto_load_safe_path+set}" = set; then :
   withval=$with_auto_load_safe_path; if test "$with_auto_load_safe_path" = "no"; then
-   with_auto_load_safe_path=""
+   with_auto_load_safe_path="/"
  fi
 else
   with_auto_load_safe_path="$prefix"
--- src/gdb/configure.ac	2012/04/27 20:47:53	1.171
+++ src/gdb/configure.ac	2012/05/06 15:31:03	1.172
@@ -141,7 +141,7 @@
 AS_HELP_STRING([--with-auto-load-safe-path=PATH], [directories safe to hold auto-loaded files])
 AS_HELP_STRING([--without-auto-load-safe-path], [do not restrict auto-loaded files locations]),
 [if test "$with_auto_load_safe_path" = "no"; then
-   with_auto_load_safe_path=""
+   with_auto_load_safe_path="/"
  fi],
 [with_auto_load_safe_path="$prefix"])
 AC_DEFINE_DIR(DEFAULT_AUTO_LOAD_SAFE_PATH, with_auto_load_safe_path,
--- src/gdb/doc/gdb.texinfo	2012/05/03 07:07:24	1.954
+++ src/gdb/doc/gdb.texinfo	2012/05/06 15:31:04	1.955
@@ -21219,9 +21219,12 @@
 @table @code
 @anchor{set auto-load safe-path}
 @kindex set auto-load safe-path
-@item set auto-load safe-path @var{directories}
+@item set auto-load safe-path @r{[}@var{directories}@r{]}
 Set the list of directories (and their subdirectories) trusted for automatic
 loading and execution of scripts.  You can also enter a specific trusted file.
+If you omit @var{directories}, @samp{auto-load safe-path} will be reset to
+its default value as specified during @value{GDBN} compilation.
+
 The list of directories uses directory separator (@samp{:} on GNU and Unix
 systems, @samp{;} on MS-Windows and MS-DOS) to separate directories, similarly
 to the @env{PATH} environment variable.
@@ -21240,7 +21243,7 @@
 host platform directory separator in use.
 @end table
 
-Setting this variable to an empty string disables this security protection.
+Setting this variable to @file{/} disables this security protection.
 This variable is supposed to be set to the system directories writable by the
 system superuser only.  Users can add their source directories in init files in
 their home directories (@pxref{Home Directory Init File}).  See also deprecated
@@ -21260,7 +21263,7 @@
 Specify this directory as in the previous case but just for a single
 @value{GDBN} session.
 
-@item @kbd{gdb -iex "set auto-load safe-path" @dots{}}
+@item @kbd{gdb -iex "set auto-load safe-path /" @dots{}}
 Disable auto-loading safety for a single @value{GDBN} session.
 This assumes all the files you debug during this @value{GDBN} session will come
 from trusted sources.

obsolete: [patch] auto-load safe-path default=$ddir/auto-load [Re: [patch] auto-load safe-path reset back by set ""]

[Jan Kratochvil]

Hi,

this patch is going to be replaced by a different implementation.


Jan