This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [PATCH] Also install data-directory into the build directory as computed by relocate_gdb_directory
On Thu, Oct 4, 2012 at 7:51 AM, Joel Brobecker <brobecker@adacore.com> wrote:
>> > I think that this is opening the door for allowing GDB to execute
>> > code without the user being aware of it. I'd rather avoid that.
>>
>> How so?
>
> Let's say: I build a debugger and install it somewhere, and then
> tell my collegues: Hey, use my super-duper GDB. Then, someone hacks
> into my account, set things up to put my GDB into a situation where
> it will think that it's still in a build directory, and then place
> some code in the datadir/python area to auto-execute some malicious
> code...
If they've hacked into your account seems like it's game over regardless.
[All sorts of nasties could be inflicted - e.g., just hack the gdb
binary directly.]