From: Alan Hayward
To: Sergio Durigan Junior
CC: Ramana Radhakrishnan, Simon Marchi, GDB Patches, Simon Marchi, nd, Pedro Alves
Subject: Re: Status of the AArch* builders
Date: Mon, 15 Oct 2018 10:16:00 -0000

Date: Mon, 15 Oct 2018 11:28:00 -0000
From: John Darrington
To: Simon Tatham
Cc: John Darrington, gdb-patches@sourceware.org, nd@arm.com
Subject: Re: [PATCH 2/4] GDB: Document the unix::/path/to/socket of remote connection.

On Mon, Oct 15, 2018 at 10:31:01AM +0100, Simon Tatham wrote:

     Hi,

     I was pointed at this thread by a colleague, because last week I was
     also considering submitting a patch to allow gdb and gdbserver to talk
     to each other over Unix-domain sockets, and he pointed out that it was
     already in progress :-)

     I'd like to suggest that this documentation change under-stresses what
     I see as the most important reason why this is a useful feature:
     security.

     The gdbserver protocol is cleartext and unauthenticated. Running it on
     a TCP port means that anyone who can connect to that port - and
     depending on the network environment, that might be a lot of people -
     can request gdbserver to execute arbitrary code in the context of the
     process being debugged, without having to give a vestige of proof as
     to their right to ask for it. This is not really the kind of feature
     we like about network protocols in the modern world!

     But Unix-domain sockets are access-controlled via the file permissions
     on the path leading to the socket file. If you use this new feature to
     make a Unix-domain socket inside a directory that only your user id
     has access to, then any process physically capable of connecting to
     the socket has already proved its right to run code under your user
     id. So this solves the whole issue, while keeping all the other
     conveniences of the socket-based gdbserver transport.

     Cheers,
     Simon

This is a good point. But really it belongs under the heading of the risks
associated with TCP/IP sockets - not the risk which is absent when using
Unix sockets.

The documentation already has this warning:

     _Warning:_ 'gdbserver' does not have any built-in security. Do not
     run 'gdbserver' connected to any public network; a GDB connection
     to 'gdbserver' provides access to the target system with the same
     privileges as the user running 'gdbserver'.

... perhaps that could be expanded to discuss the relative merits of UDS
vs. TCP/IP

J'

-- 
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
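
The access-control argument in the quoted message (a Unix-domain socket is protected by the permissions on the path leading to it) can be checked before a debug stub starts listening. The following is an added example, not part of this thread or of GDB; the names `private_gate`, `listen_privately` and `gdb.sock` are hypothetical, and it assumes classic mode bits only (no POSIX ACLs) and that root can always bypass the check.

```python
import os
import socket
import stat
import tempfile


def private_gate(sock_path, uid=None):
    """Return the nearest directory above sock_path that only `uid` can enter.

    Connecting to a Unix-domain socket needs search permission on every
    directory in its path, so one owner-only directory is enough to keep
    other (non-root) users out. Returns None if no such directory exists.
    Assumption: only mode bits are inspected, not ACLs.
    """
    uid = os.geteuid() if uid is None else uid
    # Resolve symlinks so the directories audited are the ones really traversed.
    directory = os.path.dirname(os.path.realpath(sock_path))
    while True:
        st = os.stat(directory)
        if st.st_uid == uid and stat.S_IMODE(st.st_mode) & 0o077 == 0:
            return directory
        parent = os.path.dirname(directory)
        if parent == directory:          # reached the filesystem root
            return None
        directory = parent


def listen_privately(name="gdb.sock"):
    """Create a 0700 directory, bind a listening socket in it, then audit it."""
    directory = tempfile.mkdtemp(prefix="dbg-")   # mkdtemp creates mode 0700
    path = os.path.join(directory, name)
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(path)
    server.listen(1)
    if private_gate(path) is None:
        server.close()
        raise PermissionError(f"{path} is reachable by other users")
    return server, path


if __name__ == "__main__":
    server, path = listen_privately()
    print("listening on", path, "behind", private_gate(path))
    server.close()
    os.unlink(path)
    os.rmdir(os.path.dirname(path))
```

A TCP listener has no equivalent of this gate, which is why the existing gdbserver warning applies to it in full.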