This is the mail archive of the
gdb-patches@sources.redhat.com
mailing list for the GDB project.
Re: RFC: Check permissions of .gdbinit files
- From: Mark Kettenis <mark dot kettenis at xs4all dot nl>
- To: drow at false dot org
- Cc: gdb-patches at sourceware dot org
- Date: Sun, 12 Jun 2005 00:35:16 +0200 (CEST)
- Subject: Re: RFC: Check permissions of .gdbinit files
- References: <20050530185201.GA29332@nevyn.them.org>

   Date: Mon, 30 May 2005 14:52:01 -0400
   From: Daniel Jacobowitz <drow@false.org>

   Gentoo recently published a security update for GDB, citing the fact that
   GDB would load .gdbinit from the current directory even if that was owned by
   another user.  I'm not sure how I feel about running GDB in an untrusted
   directory or on untrusted binaries and expecting it to behave sensibly, but
   this particular issue is easy to fix.  Here's my suggested fix; it's not the
   same as Gentoo's.  If .gdbinit is world writable or owned by a different
   user, refuse to open it (and warn the user).

   Anyone have opinions on this change?

What does vi do with respect to .exrc? It might make sense to follow
its example.
Mark