This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH 2/4] GDB: Document the unix::/path/to/socket of remote connection.

From: Simon Tatham <Simon dot Tatham at arm dot com>
To: John Darrington <john at darrington dot wattle dot id dot au>
Cc: gdb-patches at sourceware dot org, nd at arm dot com
Date: Mon, 15 Oct 2018 10:31:01 +0100
Subject: Re: [PATCH 2/4] GDB: Document the unix::/path/to/socket of remote connection.
References: <cc6ec9f9-20c0-ee07-7047-acd1801a2b1a@redhat.com> <20181013175801.2670-1-john@darrington.wattle.id.au> <20181013175801.2670-2-john@darrington.wattle.id.au>

On 13/10/18 18:57, John Darrington wrote:

+Alternatively you can use a Unix domain socket:
+
+@smallexample
+target remote unix::/tmp/gdb-socket1
+@end smallexample
+@noindent
+
+This has the advantage that it'll not fail if the port number is already
+in use.
+

Hi,

I was pointed at this thread by a colleague, because last week I wasalso considering submitting a patch to allow gdb and gdbserver to talkto each other over Unix-domain sockets, and he pointed out that it wasalready in progress :-)

I'd like to suggest that this documentation change under-stresses what Isee as the most important reason why this is a useful feature: security.

The gdbserver protocol is cleartext and unauthenticated. Running it on aTCP port means that anyone who can connect to that port – and dependingon the network environment, that might be a lot of people – can requestgdbserver to execute arbitrary code in the context of the process beingdebugged, without having to give a vestige of proof as to their right toask for it. This is not really the kind of feature we like about networkprotocols in the modern world!

But Unix-domain sockets are access-controlled via the file permissionson the path leading to the socket file. If you use this new feature tomake a Unix-domain socket inside a directory that only your user id hasaccess to, then any process physically capable of connecting to thesocket has already proved its right to run code under your user id. Sothis solves the whole issue, while keeping all the other conveniences ofthe socket-based gdbserver transport.

Also, current versions of OpenSSH support general forwarding ofUnix-domain sockets over SSH connections. Using that, it should even bepossible to use this system for genuinely _remote_ debugging (i.e.between different machines), without reintroducing the same securityhazard, because the Unix socket at each end is access-controlled, andthe network connection in between them is cryptographically protected.


Cheers,
Simon

Follow-Ups:
- Re: [PATCH 2/4] GDB: Document the unix::/path/to/socket of remote connection.
  - From: John Darrington

References:
- Re: [PATCH] GDBSERVER: Listen on a unix domain (instead of TCP) socket if requested.
  - From: Pedro Alves
- [PATCH 1/4] GDBSERVER: Listen on a unix domain (instead of TCP) socket if requested.
  - From: John Darrington
- [PATCH 2/4] GDB: Document the unix::/path/to/socket of remote connection.
  - From: John Darrington

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]