Mirror of the gdb-patches mailing list
From: Khoo Yit Phang <khooyp@cs.umd.edu>
To: Doug Evans <dje@google.com>
Cc: Khoo Yit Phang <khooyp@cs.umd.edu>,
	Joel Brobecker <brobecker@adacore.com>,
	Jan Kratochvil <jan.kratochvil@redhat.com>,
	GDB Patches <gdb-patches@sourceware.org>
Subject: Re: [PATCH] Also install data-directory into the build directory as computed by relocate_gdb_directory
Date: Sat, 06 Oct 2012 19:02:00 -0000
Message-ID: <970CCEFD-FF30-4ED4-9ED9-F9C6A5400120@cs.umd.edu>
In-Reply-To: <CADPb22RVzBX0vJY6ra3kquQO95D=jda_W_quAHO_YqFq4HpqyA@mail.gmail.com>

Hi,

On Oct 4, 2012, at 11:07 AM, Doug Evans wrote:

> On Thu, Oct 4, 2012 at 7:51 AM, Joel Brobecker <brobecker@adacore.com> wrote:
>>>> I think that this is opening the door for allowing GDB to execute
>>>> code without the user being aware of it. I'd rather avoid that.
>>> 
>>> How so?
>> 
>> Let's say: I build a debugger and install it somewhere, and then
>> tell my colleagues: Hey, use my super-duper GDB. Then, someone hacks
>> into my account, sets things up to put my GDB into a situation where
>> it will think that it's still in a build directory, and then place
>> some code in the datadir/python area to auto-execute some malicious
>> code...
> 
> If they've hacked into your account seems like it's game over regardless.
> [All sorts of nasties could be inflicted - e.g., just hack the gdb
> binary directly.]

I think the bigger issue is that $BUILDDIR/gdb/data-directory overrides the standard data-directory. If we detect run-from-builddir based on the presence of other files/directories, and some other application happens to use the same files/directories, then the user is basically stuck with either a non-working gdb (sans -data-directory) or having to uninstall that other application.

I prefer just installing data-directory into $BUILDDIR/share/data-directory, which is simple and works as long as gdb isn't configured with --bindir, --exec-prefix, and/or --with-gdb-datadir that are too unusual. It should cover most purposes of running gdb from the build directory, since I don't see much reason to change --bindir, --exec-prefix, and/or --with-gdb-datadir if gdb won't be installed, unless for testing those flags, in which case gdb will likely have to be installed anyways. Does anyone currently have a use case I'm missing?

I'm okay with Joel's idea of detecting based on the gdb binary name, i.e., we can link/copy another binary named "gdb-dev" (or something easy to Google) to gdb, and load the build-local data directory when it is run. This can't suffer from inadvertent collisions with other applications, and it's fairly obvious to users that they are not running the standard gdb since they have to type it out, and us GDB developers will have to run "gdb/gdb-dev gdb/gdb" to debug gdb which is trivial. There's no need to compile/link another program, but there's a small expense of dead code when installed, and a small risk of a user sym-linking "gdb-dev" to gdb (or making a copy or using execv with argv[0] == "gdb-dev").

Yit
October 6, 2012
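
An added illustration, not part of the original message and not GDB code: a C example of the binary-name check discussed above, paired with an ownership and permission test on the build-local directory before it is selected. The function names, the `/usr/share/gdb` placeholder and the permission gate itself are assumptions made for this example.

```c
/* Added illustration, not GDB source; every identifier here is hypothetical. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Name-based check from the message: dev mode depends only on the basename
   of argv[0], which the caller picks (symlink, copy, or execv argument). */
static int invoked_as_dev(const char *argv0)
{
    const char *slash = strrchr(argv0, '/');
    return strcmp(slash ? slash + 1 : argv0, "gdb-dev") == 0;
}

/* Assumed extra gate, not proposed in the thread: the directory must be real,
   owned by the invoking user, and not writable by group or others. */
static int datadir_is_private(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0)          /* lstat: a symlinked directory is rejected */
        return 0;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid())
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Pick the build-local directory only when both checks pass. */
static const char *select_datadir(const char *argv0, const char *build_dir,
                                  const char *installed_dir)
{
    if (invoked_as_dev(argv0) && datadir_is_private(build_dir))
        return build_dir;
    return installed_dir;
}

int main(void)
{
    char tmpl[] = "/tmp/gdb-dev-demoXXXXXX";   /* constructed sample directory */
    const char *installed = "/usr/share/gdb";  /* placeholder installed path */
    char *dir = mkdtemp(tmpl);
    if (dir == NULL) return 1;
    printf("%s\n", select_datadir("gdb/gdb-dev", dir, installed));
    printf("%s\n", select_datadir("/usr/bin/gdb", dir, installed));
    chmod(dir, 0777);                          /* now writable by anyone */
    printf("%s\n", select_datadir("gdb-dev", dir, installed));
    return rmdir(dir);
}
```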

