From: Simon Marchi <simark@simark.ca>
To: Siddhesh Poyarekar <siddhesh@redhat.com>,
Andrew Burgess <aburgess@redhat.com>,
gdb-patches@sourceware.org
Subject: Re: [RFC] Adding a SECURITY policy for GDB
Date: Tue, 7 Nov 2023 09:22:48 -0500
Message-ID: <c19bc885-b4a6-4eed-8b8e-bd51ead98565@simark.ca>
In-Reply-To: <3b60a089-f570-4203-9cdd-bf0b3e47f7e1@redhat.com>

On 11/7/23 07:17, Siddhesh Poyarekar wrote:
> An example of such a CVE could be failure to respect umask[1]. I'm not sure how one would word that without risking OS bugs being reported against GDB. I'm inclined to think that it's not as much of a problem at the moment since we haven't historically gotten any reports in this area. Maybe if we start getting reports in this area we could tighten up this text?
>
> Thanks,
> Sid
>
> [1] https://blog.rust-lang.org/2023/08/03/cve-2023-38497.html
>
Ah ok, with that example it makes sense. I was only thinking in terms
of the user of GDB being the bad person, accessing someone else's data.
Not someone else accessing the GDB user's data.
Simon