From: Andreas Schwab
To: gdb-patches@sourceware.org
Subject: Re: RFC: Check permissions of .gdbinit files
Date: Tue, 31 May 2005 02:27:00 -0000

Daniel Jacobowitz writes:

> On Tue, May 31, 2005 at 12:29:24AM +0200, Andreas Schwab wrote:
>> Daniel Jacobowitz writes:
>>
>> > Gentoo recently published a security update for GDB, citing the fact that
>> > GDB would load .gdbinit from the current directory even if that was owned by
>> > another user. I'm not sure how I feel about running GDB in an untrusted
>> > directory or on untrusted binaries and expecting it to behave sensibly, but
>> > this particular issue is easy to fix. Here's my suggested fix; it's not the
>> > same as Gentoo's. If .gdbinit is world writable or owned by a different
>> > user, refuse to open it (and warn the user).
>> >
>> > Anyone have opinions on this change?
>>
>> IMHO you should at least allow the same group owner.
>
> Can you explain why?

If you have a group of developers working on the same project you might
want a shared .gdbinit somewhere.

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
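
An added example, not code from this thread or from GDB: a sketch of the check being discussed (refuse a world-writable or foreign-owned init file), with the same-group relaxation from the reply as an option. The function names, the `allow_group` flag and the reading of "same group owner" as "file group equals the caller's primary group" are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum init_verdict { INIT_OK, INIT_WORLD_WRITABLE, INIT_FOREIGN_OWNER };

/* Policy quoted in the thread: refuse a world-writable file or one owned
   by another user.  allow_group models the reply's relaxation; reading it
   as "file group equals our primary group" is an assumption, and it means
   every member of that group can change what gets executed.  */
enum init_verdict
init_file_verdict (uid_t owner, gid_t group, mode_t mode,
                   uid_t me, gid_t my_gid, int allow_group)
{
  if (mode & S_IWOTH)
    return INIT_WORLD_WRITABLE;
  if (owner == me || (allow_group && group == my_gid))
    return INIT_OK;
  return INIT_FOREIGN_OWNER;
}

/* Open first, then fstat the descriptor, so the file that was checked is
   the file that is later read.  Returns an fd, or -1 with a warning.  */
int
open_init_file_checked (const char *path, int allow_group)
{
  struct stat st;
  int fd = open (path, O_RDONLY);
  if (fd < 0)
    return -1;
  if (fstat (fd, &st) != 0 || !S_ISREG (st.st_mode)
      || init_file_verdict (st.st_uid, st.st_gid, st.st_mode,
                            getuid (), getgid (), allow_group) != INIT_OK)
    {
      fprintf (stderr, "warning: not reading untrusted init file %s\n", path);
      close (fd);
      return -1;
    }
  return fd;
}

int
main (int argc, char **argv)
{
  int fd = open_init_file_checked (argc > 1 ? argv[1] : ".gdbinit", 0);
  if (fd >= 0)
    close (fd);
  return fd >= 0 ? 0 : 1;
}
```

Checking with fstat on the open descriptor rather than stat on the path avoids a gap between the check and the read.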