From: Matt Rice <ratmice@gmail.com>
To: Paul_Koning@dell.com
Cc: simon.marchi@ericsson.com, Eli Zaretskii <eliz@gnu.org>,
Sergio Durigan Junior <sergiodj@redhat.com>,
"gdb-patches@sourceware.org" <gdb-patches@sourceware.org>
Subject: Re: [PATCH] Make sure GDB uses a valid shell when starting the inferior and to perform the "shell" command
Date: Fri, 24 Jul 2015 21:36:00 -0000 [thread overview]
Message-ID: <CACTLOFrhFh14mmtMsuj=m-yHET5VZzAH9E1oNBars0wrmUS4zA@mail.gmail.com> (raw)
In-Reply-To: <6E0AD60C-689F-4958-964D-FD560FE77C06@dell.com>
On Fri, Jul 24, 2015 at 1:42 PM, <Paul_Koning@dell.com> wrote:
>
>> On Jul 24, 2015, at 4:38 PM, Simon Marchi <simon.marchi@ericsson.com> wrote:
>>
>> On 15-07-24 04:25 PM, Paul_Koning@Dell.com wrote:
>>> But if you omit a shell, is the user of that shell blocked from using gdb? That’s not a good failure mode. It seems to me that omitting a non-shell is much more forgiving: all that happens is that you don’t get the friendly error message.
>>>
>>> So that says the explicit list should be of non-shells.
>>>
>>> paul
>>
>> With Eli's suggestion, if SHELL is valid but gdb doesn't know about it (e.g.
>> SHELL=/my/super/duper/shell), it will fall back to using /bin/sh. So no,
>> the user wouldn't be blocked.
>>
>>
> Not unless the features in that unknown shell are needed for the application to function correctly.
another case of this is shells which actively restrict the application to some
subset of available functionality
http://plash.beasts.org/index.html#section1
i'm not sure about the following being unfamiliar with it, but it
seems a likely candidate for this as well.
https://github.com/trombonehero/capsh
an unrecognised shell in this case could lead to increased authority
of the inferior process, as the general effort here is to restrict
processes to those file descriptors that the shell passes to it and
remove the ability to obtain new file descriptors the shell has not
blessed..
next prev parent reply other threads:[~2015-07-24 21:36 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-24 18:20 Sergio Durigan Junior
2015-07-24 18:34 ` Simon Marchi
2015-07-24 19:10 ` Sergio Durigan Junior
2015-07-24 19:17 ` Eli Zaretskii
2015-07-24 19:29 ` Sergio Durigan Junior
2015-07-24 19:53 ` Eli Zaretskii
2015-07-24 20:09 ` Simon Marchi
2015-07-24 20:20 ` Sergio Durigan Junior
2015-07-25 7:10 ` Eli Zaretskii
2015-07-25 16:30 ` Sergio Durigan Junior
2015-07-25 16:41 ` Eli Zaretskii
2015-07-25 17:03 ` Sergio Durigan Junior
2015-07-25 17:30 ` Eli Zaretskii
2015-07-25 23:46 ` Sergio Durigan Junior
2015-07-24 20:29 ` Paul_Koning
2015-07-24 20:38 ` Simon Marchi
2015-07-24 20:51 ` Paul_Koning
2015-07-24 21:36 ` Matt Rice [this message]
2015-07-25 7:20 ` Eli Zaretskii
[not found] ` <87y4i547lk.fsf@redhat.com>
2015-07-25 7:16 ` Eli Zaretskii
2015-07-24 20:18 ` Andreas Schwab
2015-07-25 7:11 ` Eli Zaretskii
2015-07-25 7:54 ` Andreas Schwab
2015-07-25 8:09 ` Eli Zaretskii
2015-07-24 19:54 ` Simon Marchi
2015-07-24 18:43 ` Luis Machado
2015-07-24 19:08 ` Sergio Durigan Junior
2015-07-24 19:15 ` Eli Zaretskii
2015-07-24 20:38 ` [PATCH v2] " Sergio Durigan Junior
2015-07-26 0:14 ` [PATCH v3] " Sergio Durigan Junior
2015-07-26 8:05 ` Doug Evans
2015-07-26 17:03 ` Doug Evans
2015-07-26 19:26 ` Sergio Durigan Junior
2015-07-26 20:48 ` Doug Evans
2015-07-28 23:11 ` Pedro Alves
2015-07-29 19:21 ` Sergio Durigan Junior
2015-07-26 15:04 ` Eli Zaretskii
2015-07-28 19:58 ` [PATCH] Warn the user when $SHELL is invalid Sergio Durigan Junior
2015-07-28 23:12 ` Pedro Alves
2015-07-29 19:22 ` Sergio Durigan Junior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACTLOFrhFh14mmtMsuj=m-yHET5VZzAH9E1oNBars0wrmUS4zA@mail.gmail.com' \
--to=ratmice@gmail.com \
--cc=Paul_Koning@dell.com \
--cc=eliz@gnu.org \
--cc=gdb-patches@sourceware.org \
--cc=sergiodj@redhat.com \
--cc=simon.marchi@ericsson.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox