From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 7214 invoked by alias); 17 Jan 2012 19:02:38 -0000 Received: (qmail 7178 invoked by uid 22791); 17 Jan 2012 19:02:35 -0000 X-SWARE-Spam-Status: No, hits=-2.4 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_LOW,SARE_LWSHORTT,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from mail-vw0-f41.google.com (HELO mail-vw0-f41.google.com) (209.85.212.41) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 17 Jan 2012 19:02:22 +0000 Received: by vbbfa15 with SMTP id fa15so2294765vbb.0 for ; Tue, 17 Jan 2012 11:02:21 -0800 (PST) Received: by 10.52.90.71 with SMTP id bu7mr9205911vdb.63.1326826941347; Tue, 17 Jan 2012 11:02:21 -0800 (PST) MIME-Version: 1.0 Received: by 10.52.90.71 with SMTP id bu7mr9205898vdb.63.1326826941274; Tue, 17 Jan 2012 11:02:21 -0800 (PST) Received: by 10.220.229.1 with HTTP; Tue, 17 Jan 2012 11:02:21 -0800 (PST) In-Reply-To: <20120117184244.GA13988@host2.jankratochvil.net> References: <20120117095552.GA6141@host2.jankratochvil.net> <20120117162621.GA3883@host2.jankratochvil.net> <20120117165640.GB5344@host2.jankratochvil.net> <20120117174839.GA8459@host2.jankratochvil.net> <20120117184244.GA13988@host2.jankratochvil.net> Date: Tue, 17 Jan 2012 19:12:00 -0000 Message-ID: Subject: Re: [patch] New set auto-load-local-gdbinit + disable it by default From: Doug Evans To: Jan Kratochvil Cc: gdb-patches@sourceware.org X-System-Of-Record: true Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2012-01/txt/msg00618.txt.bz2 On Tue, Jan 17, 2012 at 10:42 AM, Jan Kratochvil wrote: > On Tue, 17 Jan 2012 19:29:04 +0100, Doug Evans wrote: >> > It is difficult to argue myself but IMO in a survey between GDB newbie= s they >> > find easier if GDB behaves always the same than if it behaves differen= tly >> > according to which program you load into it. >> >> Which survey is that? =A0Is it online? > > Unfortunately I do not know about any. =A0I was just guessing results of > a hypothetical survey. =A0Sorry for being unclear. I wouldn't want to make such a substantial change based on a guess. >> [And I'm curious once they understand what's going on, what do they pref= er. >> Every new thing involves a bit of a learning curve ... > > If anything requires a needless learning curve it will be changed. Depends on the result, inclusion of the word "needless" is a strawman argum= ent. >> I'd be curious to know what the long term cost/benefit is for these newb= ies >> in addition to just the short term ... Once they understand it, do they >> prefer it?] > > They do not need to understand it. =A0They just already use and develop o= ther > debuggers. > > >> Script it. > > If you prefer it in FSF GDB as a script I am can code it that way. > > >> Too complicated how? > > I find > > (a) Extract first and second argument in shell, that will be several line= s of > =A0 =A0code. > (b) exec gdb -nx -x /etc/gdbinit -x ~/.gdbinit -ex "set auto-load-scripts= off" -ex "set libthread-db-search-path" -ex "file $file -ex "core-file $co= refile" "$@" > > as more complicated than > > gdb -secure "$@" > > Don't you? As opposed to a script named, say, secure-gdb that did that? >> Write the script once and you're done. >> If we had a contrib-like directory we could even ship one with gdb. > > I have to ship it anyway so either Fedora + Red Hat will have to fork aga= in or > it needs to be shipped with gdb. =A0It is a normal task of developers to = analyze > shipped crashes/binaries. Maintenance of pure additions is far easier than maintenance of local mods that involve changes. And maintenance of pure additions that are simply new files is easier than = that. IOW, if Fedora had to ship a script that wasn't in FSF GDB, is it really that big a deal? [OTOH, I for one, wish we had a contrib-like directory.] >> Are we sure we want to claim to the user community -safe is, umm, safe? >> It seems like we're a fair ways from being ready to claim it, setting >> aside auto-loading. > > If we are not ready for -safe then we should not. > > I am aware of DWARF reading unhandled run-offs but that is AFAIK only DoS > category of exploit. > > Are you aware of any new exploits? =A0This Python/libthread_db is CVE-201= 1-4355. My point is a security audit of GDB is more than just fixing the bugs we know of. As is taking on the job of keeping it that way.