From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 26053 invoked by alias); 4 Oct 2012 14:48:14 -0000 Received: (qmail 26044 invoked by uid 22791); 4 Oct 2012 14:48:13 -0000 X-SWARE-Spam-Status: No, hits=-6.6 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,KHOP_RCVD_TRUST,KHOP_THREADED,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE,RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from mail-vb0-f41.google.com (HELO mail-vb0-f41.google.com) (209.85.212.41) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 04 Oct 2012 14:48:07 +0000 Received: by mail-vb0-f41.google.com with SMTP id v13so752717vbk.0 for ; Thu, 04 Oct 2012 07:48:06 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record:x-gm-message-state; bh=D5GBBMIrnJ0sFXpsE5kgqQwQhdkYf/TitCXa0W24jZo=; b=INgtdbVQlosdIFgLFkYYfLjD23BVYlZ9GPZqH2jJ4Yu0vmRvOcbD8gYlC741tqB95/ LEL0zgINyQycZ7raisz9cw4XZKTauIJt+j+lBO26k/hFl75hcTR8pMp0OuRt5WyRX3v5 28mxprTuFFtxacbd9BU/kjVdowUzyrLzO3Sz6vuRl6AilthtrtxenIlNhbz8xGV8uzIV McVvfqiCgFhUftplYF6gInROIkdi7BV85pJ9Aa5HMY8JR1K0QOLxFXzLUDO6RzeD3t4E 4W1Cs9ZOeYhrYY6Yx72zmsXEYaTSfjhjJq9ZH9LUMQdhYPLnpbKM2pyae0MeIN6hgVg5 vxpQ== MIME-Version: 1.0 Received: by 10.52.73.104 with SMTP id k8mr2610962vdv.115.1349362086677; Thu, 04 Oct 2012 07:48:06 -0700 (PDT) Received: by 10.52.24.239 with HTTP; Thu, 4 Oct 2012 07:48:06 -0700 (PDT) In-Reply-To: <20121004134927.GL3028@adacore.com> References: <2878953E-B698-43F3-989A-A551D96BAB62@cs.umd.edu> <20120924152641.GF4146@adacore.com> <9F52A338-A158-44DC-90C1-F46503859613@cs.umd.edu> <285502C6-1395-4049-9D55-031EDA3AD06D@cs.umd.edu> <20120924170348.GI4146@adacore.com> <20120927091737.GB2980@adacore.com> <20121004000840.GI3028@adacore.com> <83k3v69a1r.fsf@gnu.org> <20121004134927.GL3028@adacore.com> Date: Thu, 04 Oct 2012 14:48:00 -0000 Message-ID: Subject: Re: [PATCH] Also install data-directory into the build directory as computed by relocate_gdb_directory From: Doug Evans To: Joel Brobecker Cc: Eli Zaretskii , khooyp@cs.umd.edu, jan.kratochvil@redhat.com, gdb-patches@sourceware.org Content-Type: text/plain; charset=ISO-8859-1 X-System-Of-Record: true X-Gm-Message-State: ALoCoQnoBloA26oea8xUOzi6z5DcJ9trmJC4t5ZVGACC5EkLUKNq4tS5PdS/VfaZmumd+bey5B2JhAA5DXlfkdxVW24Hacj+nvEJFkc6yLhIcz2diB9yI5ZPiihuCId2ZryawM3FbYNWxcC8aT5VIgF/akP4yeEuHPJ65VDkVwMrVSvs8AoA3lCau6IBpoAsq1nYi2rSuXktuNHY5ds1XMCUjg++mkHkWw== X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2012-10/txt/msg00076.txt.bz2 On Thu, Oct 4, 2012 at 6:49 AM, Joel Brobecker wrote: >> Why not? Aren't there specific directories and/or files near the GDB >> executable in this case? > > I have a feeling that this would open the door allowing attackers > to setup GDB to execute unwanted code if we make it easy to reproduce > the same environment and place GDB in a mode where it thinks it is > inside a build directory. auto-load safe-path isn't circumvented. Ever done ./gdb ./gdb and got the complaint about gdb-gdb.gdb not being loaded? :-) [Working around that is in my ~/.gdbinit, but I still run into it from time to time.] Heh. A thought occurred to me. The default value of "auto-load safe-path" is $debugdir:$datadir/auto-load. Is it a bug that ./gdb --data-directory $(pwd)/data-directory ./gdb loads data-directory/python/gdb/__init__.py ? And do we need to augment Python's module loader to handle gdb's auto-load safe-path?