From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 5695 invoked by alias); 29 Apr 2011 16:49:27 -0000 Received: (qmail 5681 invoked by uid 22791); 29 Apr 2011 16:49:25 -0000 X-SWARE-Spam-Status: No, hits=-1.9 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,SPF_HELO_PASS,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from smtp-out.google.com (HELO smtp-out.google.com) (216.239.44.51) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Fri, 29 Apr 2011 16:49:12 +0000 Received: from kpbe20.cbf.corp.google.com (kpbe20.cbf.corp.google.com [172.25.105.84]) by smtp-out.google.com with ESMTP id p3TGnBkC027017 for ; Fri, 29 Apr 2011 09:49:11 -0700 Received: from ywf7 (ywf7.prod.google.com [10.192.6.7]) by kpbe20.cbf.corp.google.com with ESMTP id p3TGn7cw029332 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for ; Fri, 29 Apr 2011 09:49:10 -0700 Received: by ywf7 with SMTP id 7so1741034ywf.41 for ; Fri, 29 Apr 2011 09:49:09 -0700 (PDT) MIME-Version: 1.0 Received: by 10.91.82.7 with SMTP id j7mr4636874agl.99.1304095749744; Fri, 29 Apr 2011 09:49:09 -0700 (PDT) Received: by 10.90.72.6 with HTTP; Fri, 29 Apr 2011 09:49:09 -0700 (PDT) In-Reply-To: <20110429123634.GA23843@host1.jankratochvil.net> References: <20110429035837.9A1EA24619F@ruffy.mtv.corp.google.com> <20110429123634.GA23843@host1.jankratochvil.net> Date: Fri, 29 Apr 2011 16:49:00 -0000 Message-ID: Subject: Re: [RFA] Add $pdir as entry for libthread-db-search-path. From: Doug Evans To: Jan Kratochvil Cc: gdb-patches@sourceware.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-System-Of-Record: true X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2011-04/txt/msg00559.txt.bz2 On Fri, Apr 29, 2011 at 5:36 AM, Jan Kratochvil wrote: > On Fri, 29 Apr 2011 05:58:37 +0200, Doug Evans wrote: >> A better default is to look in the directory of libpthread first - that = is >> the best default. > > This is insecure default. =A0It is something like the FSF GDB insecure .g= dbinit > behavior which many distros (at least Fedora but even others) have to pat= ch. Does Fedora turn off the autoloading of python? How do your pretty printers Just Work? [Or maybe you only autoload if the directory is in $prefix/lib/debug or some such?] Plus I wonder how easy it would be to build a program that used an accompanying libpthread that didn't match the system libthread_db - gdb would then pick the accompanying libthread_db. Or does Fedora not ever look in the directory of libpthread for its libthread_db? > While it is always insecure to run a foreign binary it should be secure t= o for > example load a foreign binary and its core file.