This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
Re: [RFA] Add $pdir as entry for libthread-db-search-path.
- From: Doug Evans <dje at google dot com>
- To: Jan Kratochvil <jan dot kratochvil at redhat dot com>
- Cc: gdb-patches at sourceware dot org, Tom Tromey <tromey at redhat dot com>
- Date: Sun, 1 May 2011 11:34:02 -0700
- Subject: Re: [RFA] Add $pdir as entry for libthread-db-search-path.
- References: <20110429035837.9A1EA24619F@ruffy.mtv.corp.google.com> <20110429123634.GA23843@host1.jankratochvil.net> <BANLkTinAR8yLHhR7KF8ROLTVQskA6fLQdg@mail.gmail.com> <20110429170824.GA6107@host1.jankratochvil.net> <BANLkTinagVcXZqvOg80eoFMnyaw9T0OYUw@mail.gmail.com>
On Fri, Apr 29, 2011 at 12:00 PM, Doug Evans <dje@google.com> wrote:
> On Fri, Apr 29, 2011 at 10:08 AM, Jan Kratochvil <jan.kratochvil@redhat.com> wrote:
>>
>> On Fri, 29 Apr 2011 18:49:09 +0200, Doug Evans wrote:
>> > On Fri, Apr 29, 2011 at 5:36 AM, Jan Kratochvil
>> > <jan.kratochvil@redhat.com> wrote:
>> > > This is an insecure default.  It is something like the FSF GDB insecure
>> > > .gdbinit behavior which many distros (at least Fedora but even others)
>> > > have to patch.
>> >
>> > Does Fedora turn off the autoloading of python?
>>
>> No.
>>
>> > How do your pretty printers Just Work?
>> > [Or maybe you only autoload if the directory is in $prefix/lib/debug
>> > or some such?]
>>
>> You are right it is a security hole, I have not tracked to Python
>> autoloading much.  It should get CVE and security errata assigned as it
>> is the same category of a security breach as was:
>>        http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4146
>>
>>
>> > Plus I wonder how easy it would be to build a program that used an
>> > accompanying libpthread that didn't match the system libthread_db -
>> > gdb would then pick the accompanying libthread_db.  Or does Fedora not
>> > ever look in the directory of libpthread for its libthread_db?
>>
>> This may be also a security exploit I did not catch.
>
> I wonder if gdb needs to record a list of trusted paths.
> btw, is system_gdbinit trustable?

I'd like to keep this patch moving, but I don't know what to do next.

Some thoughts:

1) This is a patch for the FSF tree, not Fedora.
If this kind of security concern is the rule for the FSF tree then I
think it's required to be documented somewhere.
[Maybe it already is and I've missed it? If not, let's get it documented.]

2) Can we satisfy the security concern by adding to gdb a list of
trusted paths and then everywhere we open a file that can expose
such a security concern we see if it's on a path on the list?
As for how to handle the case of not being on the list I suppose one
could have a restrictive/permissive mode.
User-written pretty-printers should Just Work - I could argue for
either choice being the default.

Or ... ?
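
An added illustration of the trusted-path check with a restrictive/permissive mode that point 2 of the message above proposes; it is not GDB code and not part of the thread. All names here (`check_trusted`, `path_inside_dir`, the mode and result enums) are hypothetical, and the trusted directories are assumed to be supplied as canonical absolute paths.

```c
#define _XOPEN_SOURCE 700   /* realpath and PATH_MAX under strict -std modes */
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names: the mail proposes the policy, not an API.  */
enum trust_mode { TRUST_RESTRICTIVE, TRUST_PERMISSIVE };
enum trust_result { TRUST_LOAD, TRUST_LOAD_WARN, TRUST_REFUSE };

/* Return 1 if canonical path FILE lies below canonical absolute
   directory DIR.  The match must end on a component boundary, so
   trusting "/usr/lib" does not also trust "/usr/lib-evil/x".  */
static int
path_inside_dir (const char *file, const char *dir)
{
  size_t n = strlen (dir);

  while (n > 1 && dir[n - 1] == '/')   /* Ignore trailing slashes.  */
    n--;
  if (dir[0] != '/' || strncmp (file, dir, n) != 0)
    return 0;
  if (n == 1)                          /* DIR is the root directory.  */
    return file[1] != '\0';
  return file[n] == '/';
}

/* Decide whether PATH may be opened.  PATH is canonicalized first so
   that symlinks and ".." cannot lead out of a trusted directory.  */
enum trust_result
check_trusted (const char *path, const char *const *trusted,
               size_t ntrusted, enum trust_mode mode)
{
  char real[PATH_MAX];
  size_t i;

  if (realpath (path, real) == NULL)
    return TRUST_REFUSE;               /* Unresolvable: fail closed.  */
  for (i = 0; i < ntrusted; i++)
    if (path_inside_dir (real, trusted[i]))
      return TRUST_LOAD;
  /* Not on the list: the mode decides between warn-and-load and refuse.  */
  return mode == TRUST_PERMISSIVE ? TRUST_LOAD_WARN : TRUST_REFUSE;
}
```

The check and a later open are separate steps, so a caller built on this would open the resolved path rather than the original string.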