From: Sergio Durigan Junior <sergiodj@redhat.com>
To: Eli Zaretskii <eliz@gnu.org>
Cc: simon.marchi@ericsson.com, gdb-patches@sourceware.org
Subject: Re: [PATCH] Make sure GDB uses a valid shell when starting the inferior and to perform the "shell" command
Date: Sat, 25 Jul 2015 17:03:00 -0000 [thread overview]
Message-ID: <87k2to41bj.fsf@redhat.com> (raw)
In-Reply-To: <834mks196a.fsf@gnu.org> (Eli Zaretskii's message of "Sat, 25 Jul 2015 19:41:49 +0300")
On Saturday, July 25 2015, Eli Zaretskii wrote:
>> From: Sergio Durigan Junior <sergiodj@redhat.com>
>> Cc: Simon Marchi <simon.marchi@ericsson.com>, gdb-patches@sourceware.org
>> Date: Sat, 25 Jul 2015 12:29:56 -0400
>>
>> My goal was not to match every possible invalid shell out there, nor to
>> make sure that the specified shell is a known and valid shell. My goal
>> was to make sure that the shell exists, is an executable, and is not
>> something that is commonly used to disable logins (/sbin/nologin or
>> /bin/false are the obvious candidates here).
>>
>> The 2 additional candidates that have been mentioned were actually just
>> 1: I did not remember to include /bin/false in the list before, but
>> /usr/sbin/nologin is nologin (and I could even just check for the
>> basename as you proposed in another message, eliminating the need to
>> include checks for {,/usr}).
>>
>> I don't think we will see the list of non-shells expanding much more.
>> One can always say "Hey, but /bin/ls is a not a shell!", and we will say
>> "Right, and it is not commonly used as shell anyway".
>
> Just reading the section you proposed for the manual seems to imply
> the goals are much wider than you say above. If we only want to avoid
> these 2 non-shells, why do we even need to document that obscure
> detail?
Because I think it is worth documenting this to the user; the more
information we give about how GDB behaves, the better (IMHO).
The new section says:
@node Valid Shell
@subsection Valid Shell
@value{GDBN} considers a @emph{valid shell} a file that:
@enumerate
@item
Exists and can be executed by the user.
@item
Is not the @file{/sbin/nologin} (or @file{/usr/sbin/nologin}) program.
@item
Is not the @file{/bin/false} program.
@end enumerate
If any of those conditions are not met, the specified shell is not
used by @value{GDBN}.
I do not see any difference from what I said above, but if you think
this text can be improved, or that this text is not needed at all, then
by all means feel free to ask this.
>> Finally, I don't want to forbid the user to specify her own shell to run
>> the inferior, and to name her shell as she wants.
>
> Her shell could be named /sbin/nologin, no?
Yes... I should have said:
Finally, I don't want to forbid the user to specify her own shell to
run the inferior, and to name her shell as she wants, as long as it is
not named {,/usr}/sbin/nologin and /bin/false, and as long as it is an
existing file, and as long as this file can be executed by her.
Thanks,
--
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/
next prev parent reply other threads:[~2015-07-25 17:03 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-24 18:20 Sergio Durigan Junior
2015-07-24 18:34 ` Simon Marchi
2015-07-24 19:10 ` Sergio Durigan Junior
2015-07-24 19:17 ` Eli Zaretskii
2015-07-24 19:29 ` Sergio Durigan Junior
2015-07-24 19:53 ` Eli Zaretskii
2015-07-24 20:09 ` Simon Marchi
2015-07-24 20:20 ` Sergio Durigan Junior
2015-07-25 7:10 ` Eli Zaretskii
2015-07-25 16:30 ` Sergio Durigan Junior
2015-07-25 16:41 ` Eli Zaretskii
2015-07-25 17:03 ` Sergio Durigan Junior [this message]
2015-07-25 17:30 ` Eli Zaretskii
2015-07-25 23:46 ` Sergio Durigan Junior
2015-07-24 20:29 ` Paul_Koning
2015-07-24 20:38 ` Simon Marchi
2015-07-24 20:51 ` Paul_Koning
2015-07-24 21:36 ` Matt Rice
2015-07-25 7:20 ` Eli Zaretskii
[not found] ` <87y4i547lk.fsf@redhat.com>
2015-07-25 7:16 ` Eli Zaretskii
2015-07-24 20:18 ` Andreas Schwab
2015-07-25 7:11 ` Eli Zaretskii
2015-07-25 7:54 ` Andreas Schwab
2015-07-25 8:09 ` Eli Zaretskii
2015-07-24 19:54 ` Simon Marchi
2015-07-24 18:43 ` Luis Machado
2015-07-24 19:08 ` Sergio Durigan Junior
2015-07-24 19:15 ` Eli Zaretskii
2015-07-24 20:38 ` [PATCH v2] " Sergio Durigan Junior
2015-07-26 0:14 ` [PATCH v3] " Sergio Durigan Junior
2015-07-26 8:05 ` Doug Evans
2015-07-26 17:03 ` Doug Evans
2015-07-26 19:26 ` Sergio Durigan Junior
2015-07-26 20:48 ` Doug Evans
2015-07-28 23:11 ` Pedro Alves
2015-07-29 19:21 ` Sergio Durigan Junior
2015-07-26 15:04 ` Eli Zaretskii
2015-07-28 19:58 ` [PATCH] Warn the user when $SHELL is invalid Sergio Durigan Junior
2015-07-28 23:12 ` Pedro Alves
2015-07-29 19:22 ` Sergio Durigan Junior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k2to41bj.fsf@redhat.com \
--to=sergiodj@redhat.com \
--cc=eliz@gnu.org \
--cc=gdb-patches@sourceware.org \
--cc=simon.marchi@ericsson.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox