From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-95072-listarch-gdb-patches=sources.redhat.com@sourceware.org>
Received: (qmail 3951 invoked by alias); 4 Oct 2012 15:07:41 -0000
Received: (qmail 3937 invoked by uid 22791); 4 Oct 2012 15:07:40 -0000
X-SWARE-Spam-Status: No, hits=-6.6 required=5.0	tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,KHOP_RCVD_TRUST,KHOP_THREADED,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE,RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Received: from mail-vb0-f41.google.com (HELO mail-vb0-f41.google.com) (209.85.212.41)    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 04 Oct 2012 15:07:35 +0000
Received: by mail-vb0-f41.google.com with SMTP id v13so783408vbk.0        for <gdb-patches@sourceware.org>; Thu, 04 Oct 2012 08:07:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=google.com; s=20120113;        h=mime-version:in-reply-to:references:date:message-id:subject:from:to         :cc:content-type:x-system-of-record:x-gm-message-state;        bh=gWzkY1esqKX9kSiskVD04RxMqQr+61KdsmUlvd5E1SA=;        b=FT4ahUPCIC6MAnTK5yIqyta7HNzXI/XKaHK9kpwXkkJkz8UmxPpkK+KepYIw80PSTl         Ch8FvArtTWLrIJ4KI3Cs49eTGmNjeFt5EsILBxg7P0SmK9bvN+cJTR0KJRG/oksrz6CJ         DitX21Drt8lhqBmNXtjml/fqWi9yQ1fTddw/mqmJby1xRRa6tpk2Trh43+jX8+t/Dk9n         LdVRes+FgH5Kv79eDdlzMq0DEjMerr4MTvucc3bxSTspp7+F9yNEYyWnX3czo1FkIm7s         MypIpaUWL3D8p6nPoarTv3q/hY5ItWc0lSEHCOdn6J/CzCRTFizoRHQq4eeBhaSF91C6         uUjQ==
MIME-Version: 1.0
Received: by 10.52.73.104 with SMTP id k8mr2640919vdv.115.1349363254517; Thu, 04 Oct 2012 08:07:34 -0700 (PDT)
Received: by 10.52.24.239 with HTTP; Thu, 4 Oct 2012 08:07:34 -0700 (PDT)
In-Reply-To: <20121004145105.GP3028@adacore.com>
References: <9F52A338-A158-44DC-90C1-F46503859613@cs.umd.edu>	<285502C6-1395-4049-9D55-031EDA3AD06D@cs.umd.edu>	<20120924170348.GI4146@adacore.com>	<CC9CEDC8-8941-43A8-88EA-DAB1B671DD32@cs.umd.edu>	<20120927091737.GB2980@adacore.com>	<CADPb22Q1a2TJ_bR0yq_wjOua8pBqBsZXvyS2uteX9xKiLuC9kw@mail.gmail.com>	<20121004000840.GI3028@adacore.com>	<CADPb22TcGqvuxKo5_t8zuwNiJyUL4Yp38zA0OXcX_Dbv9bmyNQ@mail.gmail.com>	<20121004013358.GJ3028@adacore.com>	<CADPb22Tai7SqB5M=7VWa34UHU6R5mYT6-rFU7GA4e712UmyG3A@mail.gmail.com>	<20121004145105.GP3028@adacore.com>
Date: Thu, 04 Oct 2012 15:07:00 -0000
Message-ID: <CADPb22RVzBX0vJY6ra3kquQO95D=jda_W_quAHO_YqFq4HpqyA@mail.gmail.com>
Subject: Re: [PATCH] Also install data-directory into the build directory as computed by relocate_gdb_directory
From: Doug Evans <dje@google.com>
To: Joel Brobecker <brobecker@adacore.com>
Cc: Khoo Yit Phang <khooyp@cs.umd.edu>, Jan Kratochvil <jan.kratochvil@redhat.com>, 	GDB Patches <gdb-patches@sourceware.org>
Content-Type: text/plain; charset=ISO-8859-1
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQkiITSlOBkTndedh9mfTCUE1KEgN8d/CH6ea4MnZnsqFD9NGjJYPMJTSxzTxmSU851hVlBtDNWTz8Qo0y47lpu08dY650KndqG6S0NN4tS5gah6Aybo95ugvaDGcg3iPPLc2wBqzXAJvxJ0Lj09JC/VUnF9FHwvrmbMb/BBxGa0z8WyY9+3pF5RgUvPVDgGWyU5ZUrwonHkwwTDVIHMKk82HJjQHA==
X-IsSubscribed: yes
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
X-SW-Source: 2012-10/txt/msg00080.txt.bz2

On Thu, Oct 4, 2012 at 7:51 AM, Joel Brobecker <brobecker@adacore.com> wrote:
>> > I think that this is opening the door for allowing GDB to execute
>> > code without the user being aware of it. I'd rather avoid that.
>>
>> How so?
>
> Let's say: I build a debugger and install it somewhere, and then
> tell my collegues: Hey, use my super-duper GDB. Then, someone hacks
> into my account, set things up to put my GDB into a situation where
> it will think that it's still in a build directory, and then place
> some code in the datadir/python area to auto-execute some malicious
> code...

If they've hacked into your account seems like it's game over regardless.
[All sorts of nasties could be inflicted - e.g., just hack the gdb
binary directly.]