This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
[patch 5/6] set debug auto-load
- From: Jan Kratochvil <jan dot kratochvil at redhat dot com>
- To: gdb-patches at sourceware dot org
- Date: Sat, 24 Mar 2012 19:40:29 +0100
- Subject: [patch 5/6] set debug auto-load
Hi,
one can easily see this way what all insecure pathnames GDB tries to open.
$ ./gdb/gdb -iex 'set debug auto-load 1' ./gdb/gdb
[...]
(gdb) set libthread-db-search-path $pdir
(gdb) start
[...]
auto-load: Loading libthread-db library "/usr/lib/debug/lib64/libthread_db.so.1" from $pdir.
auto-load: Resolved file "/usr/lib/debug/lib64/libthread_db.so.1" as "/usr/lib/debug/lib64/libthread_db.so.1".
auto-load: Updating directories of "/usr/local".
auto-load: Resolved directory "/usr/local".
warning: File "/usr/lib/debug/lib64/libthread_db.so.1" auto-loading has been declined by your `auto-load safe-path' set to "/usr/local".
Thanks,
Jan
gdb/
2012-03-20 Jan Kratochvil <jan.kratochvil@redhat.com>
* NEWS: New commands "set debug auto-load" and "show debug auto-load".
* auto-load.c (debug_auto_load, show_debug_auto_load: New.
(auto_load_safe_path_vec_update)
(filename_is_in_auto_load_safe_path_vec): Call fprintf_unfiltered
if DEBUG_AUTO_LOAD.
(file_is_auto_load_safe): New parameters debug_fmt and ....
Call fprintf_unfiltered if DEBUG_AUTO_LOAD.
(source_gdb_script_for_objfile): Extend the file_is_auto_load_safe
caller by explanatory string.
(_initialize_auto_load): Register "set debug auto-load".
* auto-load.h (file_is_auto_load_safe): New parameters debug_fmt
and ....
* linux-thread-db.c (try_thread_db_load_from_pdir_1)
(try_thread_db_load_from_dir): Extend the file_is_auto_load_safe caller
by explanatory string.
* main.c (captured_main): Likewise.
* python/py-auto-load.c (gdbpy_load_auto_script_for_objfile)
(source_section_scripts): Likewise.
gdb/doc/
2012-03-20 Jan Kratochvil <jan.kratochvil@redhat.com>
* gdb.texinfo (Auto-loading): New menu item for auto-load verbose mode.
(auto-load verbose mode): New node.
--- a/gdb/NEWS
+++ b/gdb/NEWS
@@ -146,6 +146,10 @@ set auto-load safe-path <dir1>[:<dir2>...]
show auto-load safe-path
Sets a list of directories safe to hold auto-loaded files.
+set debug auto-load on|off
+show debug auto-load
+ Control display of debugging info for auto-loading the files above.
+
* New remote packets
z0/z1 conditional breakpoints extension
--- a/gdb/auto-load.c
+++ b/gdb/auto-load.c
@@ -41,6 +41,20 @@
static void source_gdb_script_for_objfile (struct objfile *objfile, FILE *file,
const char *filename);
+/* Value of the 'set debug auto-load' configuration variable. */
+static int debug_auto_load = 0;
+
+/* "show" command for the debug_auto_load configuration variable. */
+
+static void
+show_debug_auto_load (struct ui_file *file, int from_tty,
+ struct cmd_list_element *c, const char *value)
+{
+ fprintf_filtered (file, _("Debugging output for files "
+ "of 'set auto-load ...' is %s.\n"),
+ value);
+}
+
/* User-settable option to enable/disable auto-loading of GDB_AUTO_FILE_NAME
scripts:
set auto-load gdb-scripts on|off
@@ -131,6 +145,11 @@ auto_load_safe_path_vec_update (void)
char *safe_path, *filename_real = NULL, *dir;
int ix;
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog,
+ _("auto-load: Updating directories of \"%s\".\n"),
+ auto_load_safe_path);
+
for (ix = 0; VEC_iterate (char_ptr, auto_load_safe_path_vec, ix, dir); ++ix)
xfree (dir);
VEC_free (char_ptr, auto_load_safe_path_vec);
@@ -150,6 +169,11 @@ auto_load_safe_path_vec_update (void)
real_path = gdb_realpath (safe_path);
VEC_safe_push (char_ptr, auto_load_safe_path_vec, real_path);
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog,
+ _("auto-load: Resolved directory \"%s\".\n"),
+ real_path);
+
safe_path = next_dir;
}
while (safe_path != NULL);
@@ -210,14 +234,27 @@ filename_is_in_auto_load_safe_path_vec (const char *filename,
break;
if (*filename_realp == NULL)
- *filename_realp = gdb_realpath (filename);
+ {
+ *filename_realp = gdb_realpath (filename);
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog,
+ _("auto-load: Resolved "
+ "file \"%s\" as \"%s\".\n"),
+ filename, *filename_realp);
+ }
if (filename_is_in_dir (*filename_realp, dir))
break;
}
if (dir != NULL)
- return 1;
+ {
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog, _("auto-load: File \"%s\" matches "
+ "directory \"%s\".\n"),
+ filename, dir);
+ return 1;
+ }
return 0;
}
@@ -231,11 +268,20 @@ filename_is_in_auto_load_safe_path_vec (const char *filename,
directory. */
int
-file_is_auto_load_safe (const char *filename)
+file_is_auto_load_safe (const char *filename, const char *debug_fmt, ...)
{
char *filename_real = NULL;
struct cleanup *back_to;
+ if (debug_auto_load)
+ {
+ va_list debug_args;
+
+ va_start (debug_args, debug_fmt);
+ vfprintf_unfiltered (gdb_stdlog, debug_fmt, debug_args);
+ va_end (debug_args);
+ }
+
back_to = make_cleanup (free_current_contents, &filename_real);
if (filename_is_in_auto_load_safe_path_vec (filename, &filename_real))
@@ -272,7 +318,10 @@ source_gdb_script_for_objfile (struct objfile *objfile, FILE *file,
struct auto_load_pspace_info *pspace_info;
volatile struct gdb_exception e;
- is_safe = file_is_auto_load_safe (filename);
+ is_safe = file_is_auto_load_safe (filename, _("auto-load: Loading canned "
+ "sequences of commands script "
+ "\"%s\" for objfile \"%s\".\n"),
+ filename, objfile->name);
/* Add this script to the hash table too so "info auto-load gdb-scripts"
can print it. */
@@ -920,4 +969,13 @@ This options has security implications for untrusted inferiors."),
show_auto_load_safe_path,
auto_load_set_cmdlist_get (),
auto_load_show_cmdlist_get ());
+
+ add_setshow_boolean_cmd ("auto-load", class_maintenance,
+ &debug_auto_load, _("\
+Set auto-load verifications debugging."), _("\
+Show auto-load verifications debugging."), _("\
+When non-zero, debugging output for files of 'set auto-load ...'\n\
+is displayed."),
+ NULL, show_debug_auto_load,
+ &setdebuglist, &showdebuglist);
}
--- a/gdb/auto-load.h
+++ b/gdb/auto-load.h
@@ -58,6 +58,7 @@ extern struct cmd_list_element **auto_load_set_cmdlist_get (void);
extern struct cmd_list_element **auto_load_show_cmdlist_get (void);
extern struct cmd_list_element **auto_load_info_cmdlist_get (void);
-extern int file_is_auto_load_safe (const char *filename);
+extern int file_is_auto_load_safe (const char *filename,
+ const char *debug_fmt, ...);
#endif /* AUTO_LOAD_H */
--- a/gdb/doc/gdb.texinfo
+++ b/gdb/doc/gdb.texinfo
@@ -24753,6 +24753,7 @@ and @code{.debug_gdb_scripts} section.
* .debug_gdb_scripts section:: The @code{.debug_gdb_scripts} section
* Which flavor to choose?::
* auto-load safe-path:: Security restriction for auto-loading
+* auto-load verbose mode:: Displaying files tried for auto-load
@end menu
The auto-loading feature is useful for supplying application-specific
@@ -24995,6 +24996,44 @@ directories. See also the deprecated option @xref{local-gdbinit}.
Be aware even downloaded source packages may contain exploit code which may get
executed by @value{GDBN} without explicitly running any program therein.
+@node auto-load verbose mode
+@subsubsection Displaying files tried for auto-load
+@cindex debug auto-load
+
+For better visibility of all the file locations where you can place scripts to
+be auto-loaded with inferior --- or to protect yourself against accidental
+execution of untrusted scripts --- @value{GDBN} provides a feature for printing
+all the files attempted to be loaded. Both existing and non-existing files may
+be printed.
+
+For example @ref{auto-load safe-path} applies to canonicalized filenames which
+may not be too obvious while setting it up.
+
+@smallexample
+(gdb) set debug auto-load ues
+(gdb) file /home/user/gdb/gdb
+Reading symbols from /home/user/gdb/gdb...done.
+auto-load: Loading canned sequences of commands script
+ "/home/user/gdb/gdb-gdb.rc" for objfile "/home/user/gdb/gdb".
+auto-load: Resolved file "/home/user/gdb/gdb-gdb.rc"
+ as "/home/user/gdb/gdb-gdb.rc".
+auto-load: Updating directories of "/usr/local".
+auto-load: Resolved directory "/usr/local".
+warning: File "/home/user/gdb/gdb-gdb.rc" auto-loading has been declined
+ by your `auto-load safe-path' set to "/usr/local".
+@end smallexample
+
+@table @code
+@kindex set debug auto-load path
+@item set debug auto-load [yes|no]
+Set whether printing of the filenames attempted to be auto-loaded is turned on.
+
+@kindex show debug auto-load
+@item show debug auto-load
+Show whether printing of the filenames attempted to be auto-loaded is turned
+on.
+@end table
+
@node Python modules
@subsection Python modules
@cindex python modules
--- a/gdb/linux-thread-db.c
+++ b/gdb/linux-thread-db.c
@@ -870,7 +870,9 @@ try_thread_db_load_from_pdir_1 (struct objfile *obj)
gdb_assert (cp != NULL);
strcpy (cp + 1, LIBTHREAD_DB_SO);
- if (!file_is_auto_load_safe (path))
+ if (!file_is_auto_load_safe (path, _("auto-load: Loading libthread-db "
+ "library \"%s\" from $pdir.\n"),
+ path))
result = 0;
else
result = try_thread_db_load (path);
@@ -940,7 +942,10 @@ try_thread_db_load_from_dir (const char *dir, size_t dir_len)
path[dir_len] = '/';
strcpy (path + dir_len + 1, LIBTHREAD_DB_SO);
- if (!file_is_auto_load_safe (path))
+ if (!file_is_auto_load_safe (path, _("auto-load: Loading libthread-db "
+ "library \"%s\" from explicit "
+ "directory.\n"),
+ path))
result = 0;
else
result = try_thread_db_load (path);
--- a/gdb/main.c
+++ b/gdb/main.c
@@ -1002,7 +1002,10 @@ captured_main (void *data)
warning (_("Ignoring file .gdbinit in current directory as it "
"has been deprecated. %s"),
_(adv));
- else if (file_is_auto_load_safe (local_gdbinit))
+ else if (file_is_auto_load_safe (local_gdbinit,
+ _("auto-load: Loading .gdbinit "
+ "file \"%s\".\n"),
+ local_gdbinit))
{
auto_load_local_gdbinit_loaded = 1;
catch_command_errors (source_script, local_gdbinit, 0,
--- a/gdb/python/py-auto-load.c
+++ b/gdb/python/py-auto-load.c
@@ -75,7 +75,10 @@ gdbpy_load_auto_script_for_objfile (struct objfile *objfile, FILE *file,
int is_safe;
struct auto_load_pspace_info *pspace_info;
- is_safe = file_is_auto_load_safe (filename);
+ is_safe = file_is_auto_load_safe (filename,
+ _("auto-load: Loading Python script \"%s\" "
+ "by extension for objfile \"%s\".\n"),
+ filename, objfile->name);
/* Add this script to the hash table too so "info auto-load python-scripts"
can print it. */
@@ -153,7 +156,12 @@ source_section_scripts (struct objfile *objfile, const char *source_name,
make_cleanup_fclose (stream);
make_cleanup (xfree, full_path);
- if (!file_is_auto_load_safe (full_path))
+ if (!file_is_auto_load_safe (full_path,
+ _("auto-load: Loading Python script "
+ "\"%s\" from section \"%s\" of "
+ "objfile \"%s\".\n"),
+ full_path, GDBPY_AUTO_SECTION_NAME,
+ objfile->name))
opened = 0;
}
else