This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Also install data-directory into the build directory as computed by relocate_gdb_directory


On Thu, Oct 4, 2012 at 7:51 AM, Joel Brobecker <brobecker@adacore.com> wrote:
>> > I think that this is opening the door for allowing GDB to execute
>> > code without the user being aware of it. I'd rather avoid that.
>>
>> How so?
>
> Let's say: I build a debugger and install it somewhere, and then
> tell my collegues: Hey, use my super-duper GDB. Then, someone hacks
> into my account, set things up to put my GDB into a situation where
> it will think that it's still in a build directory, and then place
> some code in the datadir/python area to auto-execute some malicious
> code...

If they've hacked into your account seems like it's game over regardless.
[All sorts of nasties could be inflicted - e.g., just hack the gdb
binary directly.]


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]