Date: Mon, 02 May 2011 19:51:00 -0000
Subject: Re: [RFA] Add $pdir as entry for libthread-db-search-path.
In-Reply-To: <20110502191455.GA6481@host1.jankratochvil.net>
References: <20110429035837.9A1EA24619F@ruffy.mtv.corp.google.com> <20110429123634.GA23843@host1.jankratochvil.net> <20110429170824.GA6107@host1.jankratochvil.net> <20110502191455.GA6481@host1.jankratochvil.net>
From: Doug Evans
To: Jan Kratochvil
Cc: gdb-patches@sourceware.org, Tom Tromey

On Mon, May 2, 2011 at 12:14 PM, Jan Kratochvil wrote:
> On Sun, 01 May 2011 20:34:02 +0200, Doug Evans wrote:
>> 1) This is a patch for the FSF tree, not Fedora.
>> If this kind of security concern is the rule for the FSF tree
>
> As both libthread_db and pretty printers have the same attack surface (*) as
>         DWARF expression overflow
>         http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4146
> where this CVE lists all public GNU/Linux vendors I do not think such security
> requirement is Fedora specific.
>
> (*) That is a foreign binary which is enough to just load into GDB.
>
> OTOH the other attack
>         .gdbinit current directory execution
>         http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1705
> also lists multiple GNU/Linux vendors and the issue is not yet fixed in FSF
> GDB.  But this is IMO just still work in progress / unfinished, not rejected:
>         [RFA] .gdbinit security (revived) [incl doc]
>         http://sourceware.org/ml/gdb-patches/2010-11/msg00276.html

Thanks, but I'm still stuck ...

Question for the group at large (and it doesn't matter to me which way we go, I just want to make forward progress ...).

Do we enforce such security concerns in FSF gdb? And if so, let's get these issues documented (I have a pet peeve regarding rules/issues that aren't written down).
I see some things are documented (grep for security in gdb.texinfo) and we do have "remote system-call-allowed", but there's not yet any mention of libthread_db or autoloading of python code (a quick scan of the bugzilla didn't reveal anything).

Second, if we address these security concerns what is the solution? One proposal is on the table. [Maintain a list of trusted paths in gdb and have a flag for permissive/restrictive mode. If in restrictive mode libthread_db and autoloaded python/gdbinit code has to come from a trusted path. I think one could take this further though.]

Last, do we need to address this before adding my $pdir patch?
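As an added illustration of the trusted-path proposal in the last paragraph (example code written for this archive page, not gdb's own implementation and not written by anyone in the thread): a Python sketch of the permissive/restrictive decision, including the symlink and ".." canonicalisation and whole-component comparison a practitioner would want before trusting a path. The directory names and candidate files are constructed and need not exist.

```python
import os
from typing import Iterable, Tuple

# Constructed sample policy for the illustration; these directories are not
# gdb defaults and need not exist on the machine running the example.
TRUSTED_DIRS = ["/opt/gdb-trusted/auto-load", "/opt/gdb-trusted/libthread_db"]


def is_under_trusted_dir(path: str, trusted_dirs: Iterable[str]) -> bool:
    """True if `path`, after symlink and '..' resolution, lies inside a trusted dir."""
    real = os.path.realpath(path)
    for d in trusted_dirs:
        real_d = os.path.realpath(d)
        # commonpath compares whole path components, so /opt/x does not match
        # /opt/xyz the way a naive startswith() prefix check would.
        if os.path.commonpath([real, real_d]) == real_d:
            return True
    return False


def may_auto_load(path: str, restrictive: bool,
                  trusted_dirs: Iterable[str] = TRUSTED_DIRS) -> Tuple[bool, str]:
    """Decide whether auto-loading `path` (libthread_db, python, .gdbinit) is allowed.

    Permissive mode keeps the load-anything behaviour; restrictive mode requires
    the file to come from a trusted directory. The verdict is returned together
    with a reason so a debugger could log refusals.
    """
    if not restrictive:
        return True, "permissive mode: loading %s" % path
    if is_under_trusted_dir(path, trusted_dirs):
        return True, "trusted path: %s" % path
    return False, "refused (not under a trusted directory): %s" % path


if __name__ == "__main__":
    # Constructed candidates, as gdb might meet them next to an untrusted binary:
    # a legitimate auto-load script, a look-alike directory, and a '..' escape.
    for candidate in ["/opt/gdb-trusted/auto-load/libfoo.so-gdb.py",
                      "/opt/gdb-trusted/auto-load-evil/libfoo.so-gdb.py",
                      "/opt/gdb-trusted/auto-load/../../../tmp/libthread_db.so.1"]:
        print(may_auto_load(candidate, restrictive=True))
```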