From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 15079 invoked by alias); 4 Oct 2012 15:23:34 -0000 Received: (qmail 15071 invoked by uid 22791); 4 Oct 2012 15:23:32 -0000 X-SWARE-Spam-Status: No, hits=-6.6 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,KHOP_RCVD_TRUST,KHOP_THREADED,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE,RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from mail-vb0-f41.google.com (HELO mail-vb0-f41.google.com) (209.85.212.41) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 04 Oct 2012 15:23:28 +0000 Received: by mail-vb0-f41.google.com with SMTP id v13so807764vbk.0 for ; Thu, 04 Oct 2012 08:23:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record:x-gm-message-state; bh=bpX627WEi6fKTU4c05zlrrICR7d9fYDBrFNiPjWpH1Y=; b=ot9qTOAfuljT+pS4F4Do/ooic/BcmK9I+fCZQ0DWpIWRhx49EIpweq6JPnXK7K4Y67 RqAPPfjseU4ftSkhu9dTobrPuXFFey2fLTsAIQg0cIa+h7jX05i9HdOqP9xay0cL1+Bk AkiuPo5swyg79nPJBtoz77K9RFRE7a5bjHFKTBe4nn2aqHc561pT0vRUrkAVcZemlPs1 fMiW96ribG55rCoHj7K3swi9iFTduaelXQcPZqIyHAxEIM7xMl3Eif493NMiOwi3oV6I muvQU9jwhb0JL2f/4sf/Elsqo8r1mI/yYf7I7lLPYrEAlvPtp3pi0a9yvrNk9qtYy2vD WQlg== MIME-Version: 1.0 Received: by 10.221.0.74 with SMTP id nl10mr3294632vcb.47.1349364207869; Thu, 04 Oct 2012 08:23:27 -0700 (PDT) Received: by 10.52.24.239 with HTTP; Thu, 4 Oct 2012 08:23:27 -0700 (PDT) In-Reply-To: References: <2878953E-B698-43F3-989A-A551D96BAB62@cs.umd.edu> <20120924152641.GF4146@adacore.com> <9F52A338-A158-44DC-90C1-F46503859613@cs.umd.edu> <285502C6-1395-4049-9D55-031EDA3AD06D@cs.umd.edu> <20120924170348.GI4146@adacore.com> <20120927091737.GB2980@adacore.com> <20121004000840.GI3028@adacore.com> <83k3v69a1r.fsf@gnu.org> <20121004134927.GL3028@adacore.com> Date: Thu, 04 Oct 2012 15:23:00 -0000 Message-ID: Subject: Re: [PATCH] Also install data-directory into the build directory as computed by relocate_gdb_directory From: Doug Evans To: Joel Brobecker Cc: Eli Zaretskii , khooyp@cs.umd.edu, jan.kratochvil@redhat.com, gdb-patches@sourceware.org Content-Type: text/plain; charset=ISO-8859-1 X-System-Of-Record: true X-Gm-Message-State: ALoCoQl6/SzpdUmVPleSm8NYGul4IRnSTfjkxHfnr3uUPkMNNm0/EHuFmTpdi/WsDvWknA1eMBn0wD4xsKJoKXYo17t/gQwPgXScqguQGiVRnpxMswHNAPou6lbhlC1EkrlczFe8YC9m7jWyJkcAhFxYmraxRwSaDXVJ6HGhugqF2bhItpy8amqU+WA3dsLUtwLu6y7nPs8jbTYcLI+TM9k0cEI08/nLfg== X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2012-10/txt/msg00081.txt.bz2 On Thu, Oct 4, 2012 at 7:48 AM, Doug Evans wrote: > On Thu, Oct 4, 2012 at 6:49 AM, Joel Brobecker wrote: >>> Why not? Aren't there specific directories and/or files near the GDB >>> executable in this case? >> >> I have a feeling that this would open the door allowing attackers >> to setup GDB to execute unwanted code if we make it easy to reproduce >> the same environment and place GDB in a mode where it thinks it is >> inside a build directory. > > auto-load safe-path isn't circumvented. Hmm, I take that back, since the plan was to set a different default value for data-directory. I wonder if it's possible to put a solution in ~/.gdbinit. gdb hackers already have to do something if they want gdb-gdb.gdb auto-loaded (assuming they don't do something at configure time). [If we need to extend the Python API a bit, that'd be ok with me.] ~/.gdbinit is processed before the command line args.