This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [PATCH] Also install data-directory into the build directory as computed by relocate_gdb_directory
- From: Doug Evans <dje at google dot com>
- To: Joel Brobecker <brobecker at adacore dot com>
- Cc: Eli Zaretskii <eliz at gnu dot org>, khooyp at cs dot umd dot edu, jan dot kratochvil at redhat dot com, gdb-patches at sourceware dot org
- Date: Thu, 4 Oct 2012 07:48:06 -0700
- Subject: Re: [PATCH] Also install data-directory into the build directory as computed by relocate_gdb_directory
- References: <2878953E-B698-43F3-989A-A551D96BAB62@cs.umd.edu> <20120924152641.GF4146@adacore.com> <9F52A338-A158-44DC-90C1-F46503859613@cs.umd.edu> <285502C6-1395-4049-9D55-031EDA3AD06D@cs.umd.edu> <20120924170348.GI4146@adacore.com> <CC9CEDC8-8941-43A8-88EA-DAB1B671DD32@cs.umd.edu> <20120927091737.GB2980@adacore.com> <CADPb22Q1a2TJ_bR0yq_wjOua8pBqBsZXvyS2uteX9xKiLuC9kw@mail.gmail.com> <20121004000840.GI3028@adacore.com> <83k3v69a1r.fsf@gnu.org> <20121004134927.GL3028@adacore.com>
On Thu, Oct 4, 2012 at 6:49 AM, Joel Brobecker <brobecker@adacore.com> wrote:
>> Why not? Aren't there specific directories and/or files near the GDB
>> executable in this case?
>
> I have a feeling that this would open the door allowing attackers
> to setup GDB to execute unwanted code if we make it easy to reproduce
> the same environment and place GDB in a mode where it thinks it is
> inside a build directory.
auto-load safe-path isn't circumvented.
Ever done ./gdb ./gdb and got the complaint about gdb-gdb.gdb not
being loaded? :-)
[Working around that is in my ~/.gdbinit, but I still run into it from
time to time.]
Heh. A thought occurred to me.
The default value of "auto-load safe-path" is
$debugdir:$datadir/auto-load.
Is it a bug that
./gdb --data-directory $(pwd)/data-directory ./gdb
loads data-directory/python/gdb/__init__.py
?
And do we need to augment Python's module loader to handle gdb's
auto-load safe-path?