This is the mail archive of the mailing list for the GDB project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [RFA] Add $pdir as entry for libthread-db-search-path.

On Fri, Apr 29, 2011 at 12:00 PM, Doug Evans <> wrote:
> On Fri, Apr 29, 2011 at 10:08 AM, Jan Kratochvil <>
> wrote:
>> On Fri, 29 Apr 2011 18:49:09 +0200, Doug Evans wrote:
>> > On Fri, Apr 29, 2011 at 5:36 AM, Jan Kratochvil
>> > <> wrote:
>> > > This is insecure default. ?It is something like the FSF GDB insecure
>> > > .gdbinit
>> > > behavior which many distros (at least Fedora but even others) have to
>> > > patch.
>> >
>> > Does Fedora turn off the autoloading of python?
>> No.
>> > How do your pretty printers Just Work?
>> > [Or maybe you only autoload if the directory is in $prefix/lib/debug
>> > or some such?]
>> You are right it is a security hole, I have not tracked to Python
>> autoloading
>> much. ?It should get CVE and security errata assigned as it is the same
>> category of a security breach as was:
>> ? ? ? ?
>> > Plus I wonder how easy it would be to build a program that used an
>> > accompanying libpthread that didn't match the system libthread_db -
>> > gdb would then pick the accompanying libthread_db. ?Or does Fedora not
>> > ever look in the directory of libpthread for its libthread_db?
>> This may be also a security exploit I did not catch.
> I wonder if gdb needs to record a list of trusted paths.
> btw, is system_gdbinit trustable?

I'd like to keep this patch moving, but I don't know what to do next.

Some thoughts:

1) This is a patch for the FSF tree, not Fedora.
If this kind of security concern is the rule for the FSF tree then I
think it's required to be documented somewhere.
[Maybe it already is and I've missed it?  If not, let's get it documented.]

2) Can we satisfy the security concern by adding to gdb a list of
trusted paths and then everywhere we open a file that can expose a
such a security concern we see if it's on a path on the list?
As for how to handle the case of not being on the list I suppose one
could have a restrictive/permissive mode.
User-written pretty-printers should Just Work - I could argue for
either choice being the default.

Or ... ?

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]