From: Simon Tatham <Simon.Tatham@arm.com>
To: John Darrington <john@darrington.wattle.id.au>
Cc: gdb-patches@sourceware.org, nd@arm.com
Subject: Re: [PATCH 2/4] GDB: Document the unix::/path/to/socket of remote connection.
Date: Mon, 15 Oct 2018 09:31:00 -0000 [thread overview]
Message-ID: <c406f5b9-30de-1d8f-d799-e5aa4d79972c@arm.com> (raw)
In-Reply-To: <20181013175801.2670-2-john@darrington.wattle.id.au>
On 13/10/18 18:57, John Darrington wrote:
> +Alternatively you can use a Unix domain socket:
> +
> +@smallexample
> +target remote unix::/tmp/gdb-socket1
> +@end smallexample
> +@noindent
> +
> +This has the advantage that it'll not fail if the port number is already
> +in use.
> +
Hi,
I was pointed at this thread by a colleague, because last week I was
also considering submitting a patch to allow gdb and gdbserver to talk
to each other over Unix-domain sockets, and he pointed out that it was
already in progress :-)
I'd like to suggest that this documentation change under-stresses what I
see as the most important reason why this is a useful feature: security.
The gdbserver protocol is cleartext and unauthenticated. Running it on a
TCP port means that anyone who can connect to that port – and depending
on the network environment, that might be a lot of people – can request
gdbserver to execute arbitrary code in the context of the process being
debugged, without having to give a vestige of proof as to their right to
ask for it. This is not really the kind of feature we like about network
protocols in the modern world!
But Unix-domain sockets are access-controlled via the file permissions
on the path leading to the socket file. If you use this new feature to
make a Unix-domain socket inside a directory that only your user id has
access to, then any process physically capable of connecting to the
socket has already proved its right to run code under your user id. So
this solves the whole issue, while keeping all the other conveniences of
the socket-based gdbserver transport.
Also, current versions of OpenSSH support general forwarding of
Unix-domain sockets over SSH connections. Using that, it should even be
possible to use this system for genuinely _remote_ debugging (i.e.
between different machines), without reintroducing the same security
hazard, because the Unix socket at each end is access-controlled, and
the network connection in between them is cryptographically protected.
Cheers,
Simon
next prev parent reply other threads:[~2018-10-15 9:31 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-09 17:33 Gdbserver can listen on local domain sockets John Darrington
2018-10-09 17:33 ` [PATCH] GDBSERVER: Listen on a unix domain (instead of TCP) socket if requested John Darrington
2018-10-09 17:56 ` Eli Zaretskii
2018-10-09 18:02 ` Pedro Alves
2018-10-09 18:41 ` John Darrington
2018-10-09 18:53 ` Pedro Alves
2018-10-09 19:00 ` John Darrington
2018-10-09 19:06 ` Pedro Alves
2018-10-13 17:58 ` [PATCH 1/4] " John Darrington
2018-10-13 17:58 ` [PATCH 3/4] GDB: Fix documentation for invoking GDBSERVER John Darrington
2018-10-13 18:10 ` Eli Zaretskii
2018-10-18 20:27 ` Sergio Durigan Junior
2018-10-19 7:05 ` John Darrington
2018-10-19 20:45 ` Sergio Durigan Junior
2018-10-21 7:33 ` John Darrington
2018-10-21 16:47 ` Sergio Durigan Junior
2018-10-23 18:25 ` John Darrington
2018-10-23 18:58 ` Sergio Durigan Junior
2018-10-13 17:58 ` [PATCH 2/4] GDB: Document the unix::/path/to/socket of remote connection John Darrington
2018-10-13 18:11 ` Eli Zaretskii
2018-10-15 9:31 ` Simon Tatham [this message]
2018-10-18 20:21 ` Sergio Durigan Junior
2018-10-13 17:58 ` [PATCH 4/4] GDB: Remote target can now accept the form unix::/path/to/socket John Darrington
2018-10-13 18:12 ` [PATCH 1/4] GDBSERVER: Listen on a unix domain (instead of TCP) socket if requested Eli Zaretskii
2018-10-18 20:18 ` Sergio Durigan Junior
2018-10-19 18:55 ` John Darrington
2018-10-19 19:43 ` Sergio Durigan Junior
2018-10-28 16:20 ` Simon Marchi
2018-10-28 18:10 ` John Darrington
2018-10-28 18:51 ` Simon Marchi
2018-10-29 8:24 ` John Darrington
2018-10-29 9:13 ` Rainer Orth
2018-10-29 9:38 ` Rainer Orth
[not found] ` <4da7206f-6e6a-7aad-634e-a4485d99e988@ericsson.com>
[not found] ` <20181029162513.oztznqp74gudrqgm@jocasta.intra>
2018-10-29 16:42 ` Sergio Durigan Junior
2018-10-29 17:34 ` John Darrington
2018-10-31 13:54 ` Simon Marchi
2018-10-29 18:32 ` Simon Marchi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c406f5b9-30de-1d8f-d799-e5aa4d79972c@arm.com \
--to=simon.tatham@arm.com \
--cc=gdb-patches@sourceware.org \
--cc=john@darrington.wattle.id.au \
--cc=nd@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox