This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
Re: [patch#2 4/6] set auto-load safe-path
- From: Eli Zaretskii <eliz at gnu dot org>
- To: Jan Kratochvil <jan dot kratochvil at redhat dot com>
- Cc: gdb-patches at sourceware dot org
- Date: Fri, 30 Mar 2012 10:46:48 +0300
- Subject: Re: [patch#2 4/6] set auto-load safe-path
- References: <20120329091404.GE25449@host2.jankratochvil.net>
- Reply-to: Eli Zaretskii <eliz at gnu dot org>
> Date: Thu, 29 Mar 2012 11:14:04 +0200
> From: Jan Kratochvil <jan.kratochvil@redhat.com>
>
> --- a/gdb/NEWS
> +++ b/gdb/NEWS
> @@ -149,6 +149,10 @@ set auto-load libthread-db on|off
> show auto-load libthread-db
> Control auto-loading of inferior specific thread debugging shared library.
>
> +set auto-load safe-path <dir1>[:<dir2>...]
> +show auto-load safe-path
> + Set a list of directories from which it is safe to auto-load files.
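Review bot: The NEWS text at "Set a list of directories from which it is safe to auto-load files" mentions only directories, while the manual text added in this same patch says "You can also enter a specific trusted file" and describes the listed directories "and their subdirectories" as trusted. Suggest the NEWS entry mention both, since they determine how much a single entry actually trusts.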
OK, but perhaps say that a semi-colon is to be used on MS-Windows and
MS-DOS systems.
> + fprintf_filtered (file,
> + _("Directory list safe to hold auto-loaded files is %s.\n"),
Suggest to reword
  List of directories from which it is safe to auto-load files is %s.
> +safe-path: Directory list safe to hold auto-loaded files is /usr/local.
If you accept the above rewording, this needs to be modified
accordingly.
> +If the path is not set properly you will see a warning and the file does not
                                                                       ^^^^^^^^
> +get loaded:
   ^^^^^^^^^^
"will not get loaded", for consistency with "will see a warning".
> +The list of trusted directories is controlled by commands:
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^
"... is controlled by the following commands:"
> +loading and execution of scripts. The list of directories uses directory
> +separator as its delimiter. You can also enter a specific trusted file.
I would suggest to name the separator character explicitly:
  The list of directories uses directory separator (@samp{:} on GNU
  and Unix systems, @samp{;} on MS-Windows and MS-DOS) to separate
  directories, similarly to the @env{PATH} environment variable.
> +@item show auto-load safe-path
> +Show the list of directories (and their subdirectories) trusted for automatic
> +loading and execution of scripts.
Does the command really show the subdirectories? If not, I think you
meant to say that having a directory in the list makes all of its
subdirectories safe as well; if so, you should say this where you
describe the "set" command.
> +See also deprecated @ref{Current Directory Init File during Startup}.
Again, HTML-style references don't work well. Use @pxref instead, as
I showed in my other message.
> +There are multiple ways to get the files declined in the example above loaded:
Suggest to rephrase:
  To force @value{GDBN} to load the files it declined to load in the
  previous example, you could use one of the following ways:
> +@item gdb -iex "set auto-load safe-path /usr:/bin:~/src/gdb" [...]
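Review bot: The example value `/usr:/bin:~/src/gdb` in this @item uses `~`, while the paragraph added further down says the setting "should contain so called canonical filenames". Suggest either stating that a leading `~` is expanded before the entry is canonicalized or using an absolute path here. Separately, with the `show` text describing subdirectories as trusted, `/usr` covers a very large tree; a narrower directory would be a better model for readers to copy.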
Please use @dots{} instead of literal periods; the former looks better
in print.
> +@item gdb -iex "set auto-load safe-path" [...]
Likewise.
Also, since the last two items are keyboard commands, it is better to
put them in @kbd.
> +@item ./configure --without-auto-load-safe-path
Here too. And in this following snippet:
> +@itemize @bullet
> +@item gdb -iex "set auto-load no" [...]
> +You can use @value{GDBN} command-line option for a single @value{GDBN} session.
> +
> +@item ~/.gdbinit: set auto-load no
> +Disable auto-loading globally for the user
> +(@pxref{Home Directory Init File}). While it is improbable you could also
                                                             ^
Comma is missing here.
> +Be aware even downloaded source packages may contain exploit code which may get
> +executed by @value{GDBN} without explicitly running any program therein.
I'm not sure this text belongs to the GDB manual. General-purpose
security considerations are not the subject of this manual.
In any case, "be aware that ...".
> +This setting should contain so called canonical filenames, after any symbolic
> +links, current and parent directories have been resolved.
That's a nuisance for users, isn't it? Suppose the sysadmin
reconfigures the system so that my home directory is moved to another
filesystem -- all my safe directories will stop working at that very
instant, right? Where's the principle of the least astonishment?
> Both the
> +@samp{auto-load safe-path} setting and the scripts being verified are
> +canonicalized first for their matching.
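Review bot: The two sentences of this paragraph pull in different directions. "This setting should contain so called canonical filenames" puts the burden of canonicalization on the user, while "Both the auto-load safe-path setting and the scripts being verified are canonicalized first" says the setting is resolved before matching anyway. Suggest stating which one holds; if entries are canonicalized at comparison time, the first sentence can be reworded to describe what is done to the value rather than what the user must type.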
"... are canonicalized before they are compared".
OK with those changes.
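
The canonicalize-then-compare check described in the last quoted paragraph, as an added example that is not GDB's code and not part of the original message. The names `below_dir` and `file_is_trusted` are hypothetical; the sketch assumes a POSIX system with `realpath()` and `:` as the list separator.

```c
#define _XOPEN_SOURCE 700 /* for realpath, strdup, strtok_r */
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not a GDB function): return 1 if the canonical path
   FILE is DIR itself or lies below it.  The match has to end on a component
   boundary, so "/usr/local" covers "/usr/local/x" but not "/usr/local2/x". */
int below_dir(const char *file, const char *dir)
{
    size_t n = strlen(dir);

    while (n > 1 && dir[n - 1] == '/') /* ignore trailing slashes */
        n--;
    if (n == 0 || strncmp(file, dir, n) != 0)
        return 0;
    return (n == 1 && dir[0] == '/') || file[n] == '/' || file[n] == '\0';
}

/* Hypothetical check: return 1 if FILE is covered by an entry of the
   ':'-separated SAFE_PATH.  Both sides go through realpath() first, which
   resolves symlinks, "." and "..".  Entries that are empty or cannot be
   resolved match nothing, so a malformed list never widens trust. */
int file_is_trusted(const char *file, const char *safe_path)
{
    char real_file[PATH_MAX], real_dir[PATH_MAX];
    char *list, *entry, *save = NULL;
    int trusted = 0;

    if (realpath(file, real_file) == NULL)
        return 0; /* cannot resolve the candidate: decline */
    list = strdup(safe_path);
    if (list == NULL)
        return 0;
    for (entry = strtok_r(list, ":", &save); entry != NULL && !trusted;
         entry = strtok_r(NULL, ":", &save))
        if (realpath(entry, real_dir) != NULL)
            trusted = below_dir(real_file, real_dir);
    free(list);
    return trusted;
}
```

Because entries are resolved at comparison time, an entry given through a symbolic link keeps matching after the link's target is moved, as long as the link itself is updated.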