From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from simark.ca by simark.ca with LMTP id eG42JMbMv2U4AhMAWB0awg (envelope-from ) for ; Sun, 04 Feb 2024 12:43:34 -0500 Received: by simark.ca (Postfix, from userid 112) id 8FC5D1E0C3; Sun, 4 Feb 2024 12:43:34 -0500 (EST) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by simark.ca (Postfix) with ESMTPS id 7F99D1E092 for ; Sun, 4 Feb 2024 12:43:32 -0500 (EST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E52493858427 for ; Sun, 4 Feb 2024 17:43:31 +0000 (GMT) Received: from mail-out.m-online.net (mail-out.m-online.net [IPv6:2001:a60:0:28:0:1:25:1]) by sourceware.org (Postfix) with ESMTPS id 38AA23858C41 for ; Sun, 4 Feb 2024 17:43:13 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 38AA23858C41 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=linux-m68k.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=nefkom.net ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 38AA23858C41 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2001:a60:0:28:0:1:25:1 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1707068594; cv=none; b=MHJb/MQ8liv5oEeay9Ga9WqvvcLpQWxh1nK9MAws1j/N6BJUh1Ri36wrWTIbbfS7HhuzqHqlfJeZhI4TVxHIp3wFvrNPF3Ez3NW9MjrC8rCjSTgxKhFS8Do0clkDXW5yaa74NCT04W87KSH0XJh4vGihR/mFI2+zkjyM9NidZLY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1707068594; c=relaxed/simple; bh=asKgcy0lYU6rLdNSHMdvJxMzbe/sQqVFVU2sEI7cwKQ=; h=From:To:Subject:Date:Message-ID:MIME-Version; b=ASzkmoiamhUb15SDB7HpgEl4U8nWi+d8hed9uoFUjYMWerMtzQDGDU1O4FISKNSsTqgEAVRsMQ3IWGdP0Xwh4M6X5WC8uDriFW2CEcsuZ+Zganl11+YH/uXufRzB1PbNJPjpCZdAzbyMklyDvFP7gTbzTN2IBKvXyNfeetZfgd8= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 4TScL62Qj3z1sB7x; Sun, 4 Feb 2024 18:43:08 +0100 (CET) Received: from localhost (dynscan1.mnet-online.de [192.168.6.68]) by mail.m-online.net (Postfix) with ESMTP id 4TScL42zCtz1qqlY; Sun, 4 Feb 2024 18:43:08 +0100 (CET) X-Virus-Scanned: amavis at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.68]) (amavis, port 10024) with ESMTP id pgvLF8HU_R1P; Sun, 4 Feb 2024 18:43:07 +0100 (CET) X-Auth-Info: 6RHqvJQrs7EbCEtD4oOJ3YEoAkgv/+PiirpWDPTNApXiWCvX4R6c9MPP6YmJkEIJ Received: from igel.home (aftr-62-216-202-192.dynamic.mnet-online.de [62.216.202.192]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPSA; Sun, 4 Feb 2024 18:43:07 +0100 (CET) Received: by igel.home (Postfix, from userid 1000) id 2264F2C1A43; Sun, 4 Feb 2024 18:43:07 +0100 (CET) From: Andreas Schwab To: Eli Zaretskii Cc: Andrew Burgess , gdb-patches@sourceware.org, siddhesh@redhat.com, kevinb@redhat.com, simark@simark.ca, felix.willgerodt@intel.com, paulkoning@comcast.net Subject: Re: [RFC] Adding a SECURITY policy for GDB In-Reply-To: <8634u82lna.fsf@gnu.org> (Eli Zaretskii's message of "Sun, 04 Feb 2024 19:18:33 +0200") References: <877cmvui64.fsf@redhat.com> <87wmtog2f4.fsf@redhat.com> <83cyvfy7a2.fsf@gnu.org> <877cjk5jo5.fsf@redhat.com> <8634u82lna.fsf@gnu.org> X-Yow: Sometimes a TABOO is just a good CIGAR -- or a rare STEAK -- or a dry MARTINI! Date: Sun, 04 Feb 2024 18:43:07 +0100 Message-ID: <875xz42kic.fsf@igel.home> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS, KAM_DMARC_STATUS, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gdb-patches@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gdb-patches-bounces+public-inbox=simark.ca@sourceware.org On Feb 04 2024, Eli Zaretskii wrote: > What bothered me here is that when you say "gdb ./program", GDB can do > two things which constitute code execution: > > . run some startup code in the program, for example, load some > shared libraries, which could trigger execution of some code in > those libraries, or > . process various init files, which could invoke code in > Python/Guile, or call functions inside the debuggee > > The second item actually happens when you say "gdb ./emacs" in the src > directory of an Emacs source tree, because there's a .gdbinit file Not by default. It needs to be enabled by setting the auto-load safe-path. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1 "And now for something completely different."