From: Eli Zaretskii <eliz@gnu.org>
To: Jan Kratochvil <jan.kratochvil@redhat.com>
Cc: gdb-patches@sourceware.org
Subject: Re: [patch 4/6] set auto-load safe-path
Date: Sat, 24 Mar 2012 19:19:00 -0000 [thread overview]
Message-ID: <834ntdu7sh.fsf@gnu.org> (raw)
In-Reply-To: <20120324183946.GE26662@host2.jankratochvil.net>
> Date: Sat, 24 Mar 2012 19:39:46 +0100
> From: Jan Kratochvil <jan.kratochvil@redhat.com>
>
> +set auto-load safe-path <dir1>[:<dir2>...]
> +show auto-load safe-path
> + Sets a list of directories safe to hold auto-loaded files.
Set a list of directories from which it is safe to auto-load files.
or
Set a list of directories that are safe for storing auto-load files.
> +Set the directories safe to hold auto-loaded files."), _("\
> +Show the directories safe to hold auto-loaded files."), _("\
Same here.
> +@node auto-load safe-path
> +@subsubsection Security restriction for auto-loading
> +@cindex auto-load safe-path
> +
> +As the files of inferior can come from untrusted source (such as submitted by
> +an application user) @value{GDBN} does not always load any files automatically.
> +
> +This setting should contain so called canonical filenames, after any symbolic
> +links, current and parent directories have been resolved. Both the
> +@samp{auto-load safe-path} setting and the scripts being verified are
> +canonicalized first for their matching.
> +
> +@table @code
> +@kindex set auto-load safe-path
> +@item set auto-load safe-path @var{directories}
> +Set the list of directories (and their subdirectories) trusted for automatic
> +loading and execution of scripts. The list of directories uses directory
> +separator as its delimiter. You can also enter a specific trusted file.
> +
> +@kindex show auto-load safe-path
> +@item show auto-load safe-path
> +Show the list of directories (and their subdirectories) trusted for automatic
> +loading and execution of scripts.
> +@end table
> +
> +Setting this variable to an empty string disables this security protection.
> +This variable is supposed to be set to the system directories writable by the
> +system superuser only. Users can add their source directories in home
> +directories. See also the deprecated option @xref{local-gdbinit}.
> +
> +Be aware even downloaded source packages may contain exploit code which may get
> +executed by @value{GDBN} without explicitly running any program therein.
This text should explain what happens if an auto-load file is found in
a directory not on this list. Is it silently ignored? ignored with a
warning message? is the user prompted for permission to load it?
something else?
next prev parent reply other threads:[~2012-03-24 19:19 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-24 18:40 Jan Kratochvil
2012-03-24 19:19 ` Eli Zaretskii [this message]
2012-03-25 19:07 ` Jan Kratochvil
2012-03-25 21:17 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=834ntdu7sh.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=gdb-patches@sourceware.org \
--cc=jan.kratochvil@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox