From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 16420 invoked by alias); 20 Apr 2010 19:13:46 -0000 Received: (qmail 16403 invoked by uid 22791); 20 Apr 2010 19:13:44 -0000 X-SWARE-Spam-Status: No, hits=-6.8 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,TW_BJ,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 20 Apr 2010 19:13:39 +0000 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o3KJDXft002949 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 20 Apr 2010 15:13:34 -0400 Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o3KJDXfM031834; Tue, 20 Apr 2010 15:13:33 -0400 Received: from opsy.redhat.com (ovpn01.gateway.prod.ext.phx2.redhat.com [10.5.9.1]) by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id o3KJDWNC032522; Tue, 20 Apr 2010 15:13:32 -0400 Received: by opsy.redhat.com (Postfix, from userid 500) id 5DFD337979C; Tue, 20 Apr 2010 13:13:32 -0600 (MDT) From: Tom Tromey To: dje@google.com (Doug Evans) Cc: gdb-patches@sourceware.org Subject: Re: [RFA] [1/2] auto-loading scripts from .debug_gdb_scripts section References: <20100416070540.4205E84396@ruffy.mtv.corp.google.com> Reply-To: tromey@redhat.com Date: Tue, 20 Apr 2010 19:13:00 -0000 In-Reply-To: <20100416070540.4205E84396@ruffy.mtv.corp.google.com> (Doug Evans's message of "Fri, 16 Apr 2010 00:05:40 -0700 (PDT)") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2010-04/txt/msg00628.txt.bz2 >>>>> "Doug" == Doug Evans writes: Doug> This patch adds support for auto-loading scripts mentioned in Doug> section .debug_gdb_scripts. It seems reasonable to me. I looked through the patch and didn't see anything I disagreed with. I'm curious why these new scripts are attached to the program space and not just the objfile from which the section came. But, I don't think it really matters. I'm somewhat concerned about security. I don't know why I didn't think of this before :-(. The issue is that either approach can result in random Python code being loaded into gdb. One idea for a fix would be to check the script file's ownership and permissions before reading it. I think we'd need to allow files to be owned by the current user or by root in order for this to work nicely in the distro case. Tom