This is the mail archive of the
mailing list for the GDB project.
Re: [RFA] Add $pdir as entry for libthread-db-search-path.
>>>>> "Doug" == Doug Evans <email@example.com> writes:
Doug> Thanks, but I'm still stuck ...
I have gone back and forth on this a few times.
On the one hand, I think people running gdb on an untrusted executable
are acting naively. I think this is true even for a python-less build
using -nx -- I just don't think gdb or bfd has had enough scrutiny along
these lines to warrant trust.
On the other hand, I think it makes sense to aim for trustworthiness as
a goal, because gdb is a powerful tool for inspecting executables.
I think my overall preference would be for gdb to run securely by
default, with some runtime settings to let users override this.
Also I don't have any problem recognizing that different organizations
build gdb in different ways for their own reasons, and making
accommodations for that. That is, a configure option to make $pdir the
default seems fine to me, if you want something like that.
Doug> Question for the group at large (and I it doesn't matter to me which
Doug> way we go, I just want to make forward progress ...).
Doug> Do we enforce such security concerns in FSF gdb?
Doug> If we address these security concerns what is the solution?
Doug> One proposal is on the table.
Doug> [Maintain a list of trusted paths in gdb and have a flag for
Doug> permissive/restrictive mode.
Doug> If in restrictive mode libthread_db and autoloaded python/gdbinit code
Doug> has to come from a trusted path.
Doug> I think one could take this further though.]
It seems reasonable to me.
Doug> Do we need to address this before adding my $pdir patch?
IMO, no, but it would be nicer that way.