From: Sergio Durigan Junior
To: Eli Zaretskii
Cc: simon.marchi@ericsson.com, gdb-patches@sourceware.org
Subject: Re: [PATCH] Make sure GDB uses a valid shell when starting the inferior and to perform the "shell" command
Date: Fri, 24 Jul 2015 19:29:00 -0000
Message-ID: <87fv4d5p8l.fsf@redhat.com>
In-Reply-To: <838ua52wmp.fsf@gnu.org>

On Friday, July 24 2015, Eli Zaretskii wrote:

>> From: Sergio Durigan Junior
>> Cc: GDB Patches
>> Date: Fri, 24 Jul 2015 15:10:27 -0400
>>
>> > Note that on my Ubuntu 14.04:
>> >
>> > $ which nologin
>> > /usr/sbin/nologin
>>
>> /sbin/nologin is probably a symlink to this file, isn't it? But yeah,
>> the check could include /usr/sbin/nologin as well.
>>
>> > I think that /bin/false is also commonly specified as the default shell
>> > for system users (at least according to my /etc/passwd).
>>
>> Indeed. I will include /bin/false as well.
>
> Since the number of valid shells is much smaller than the number of
> non-shell programs, isn't it better to have a database of known shells
> than to have a database of non-shells people could be expected to set
> SHELL to?

My intention is not to catch all the invalid shells that can be set, but
rather make sure that the shell is at least an executable, and is not
something that is commonly used as a "non-shell", like /sbin/nologin or
/bin/false. Other than these two I cannot think of many more options to
cover in the check.

Another good thing about doing this type of check is that every known
and unknown shell will still work. When we explicitly check for certain
shells as you suggest, it means that if we forget any of them its users
will be negatively impacted.

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/
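
The check described in this message, sketched in C as an added example; it is not code from the GDB patch under discussion. The helper name `classify_shell`, matching on the base name rather than the full path, and resolving symlinks with `realpath` are assumptions of this example.

```c
#define _XOPEN_SOURCE 700   /* for realpath() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum shell_status { SHELL_OK, SHELL_NOT_EXECUTABLE, SHELL_KNOWN_NON_SHELL };

/* Programs commonly set as the "shell" of accounts that must not get one.
   Matching the base name covers /sbin/nologin and /usr/sbin/nologin alike
   (an assumption of this example; the thread only names the paths).  */
static const char *const non_shells[] = { "nologin", "false" };

static int is_non_shell(const char *path)
{
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;
    for (size_t i = 0; i < sizeof non_shells / sizeof non_shells[0]; i++)
        if (strcmp(base, non_shells[i]) == 0)
            return 1;
    return 0;
}

/* Hypothetical helper: classify a candidate value of $SHELL.  */
enum shell_status classify_shell(const char *path)
{
    char resolved[PATH_MAX];
    struct stat st;

    if (path == NULL || *path == '\0')
        return SHELL_NOT_EXECUTABLE;
    if (is_non_shell(path))
        return SHELL_KNOWN_NON_SHELL;
    /* Follow symlinks so a link that points at nologin is caught too.  */
    if (realpath(path, resolved) == NULL)
        return SHELL_NOT_EXECUTABLE;
    if (is_non_shell(resolved))
        return SHELL_KNOWN_NON_SHELL;
    if (stat(resolved, &st) != 0 || !S_ISREG(st.st_mode)
        || access(resolved, X_OK) != 0)
        return SHELL_NOT_EXECUTABLE;
    return SHELL_OK;   /* any other executable passes, known shell or not */
}

int main(void)
{
    const char *shell = getenv("SHELL");
    printf("%s -> %d\n", shell ? shell : "(unset)", classify_shell(shell));
    return 0;
}
```

Because only the two non-shell names are rejected, an executable the check has never heard of still returns `SHELL_OK`, which is the property argued for above.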