This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [RFA] Add $pdir as entry for libthread-db-search-path.
- From: Doug Evans <dje at google dot com>
- To: Jan Kratochvil <jan dot kratochvil at redhat dot com>
- Cc: gdb-patches at sourceware dot org, Tom Tromey <tromey at redhat dot com>
- Date: Mon, 2 May 2011 12:50:48 -0700
- Subject: Re: [RFA] Add $pdir as entry for libthread-db-search-path.
- References: <20110429035837.9A1EA24619F@ruffy.mtv.corp.google.com> <20110429123634.GA23843@host1.jankratochvil.net> <BANLkTinAR8yLHhR7KF8ROLTVQskA6fLQdg@mail.gmail.com> <20110429170824.GA6107@host1.jankratochvil.net> <BANLkTinagVcXZqvOg80eoFMnyaw9T0OYUw@mail.gmail.com> <BANLkTin84GeKykSDmc=heySNtCypMqWgdA@mail.gmail.com> <20110502191455.GA6481@host1.jankratochvil.net>
On Mon, May 2, 2011 at 12:14 PM, Jan Kratochvil
<jan.kratochvil@redhat.com> wrote:
> On Sun, 01 May 2011 20:34:02 +0200, Doug Evans wrote:
>> 1) This is a patch for the FSF tree, not Fedora.
>> If this kind of security concern is the rule for the FSF tree
>
> As both libthread_db and pretty printers have the same attack surface (*) as
>         DWARF expression overflow
>         http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4146
> where this CVE lists all public GNU/Linux vendors I do not think such security
> requirement is Fedora specific.
>
> (*) That is a foreign binary which is enough to just load into GDB.
>
> OTOH the other attack
>         .gdbinit current directory execution
>         http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1705
> also lists multiple GNU/Linux vendors and the issue is not yet fixed in FSF
> GDB.  But this is IMO just still work in progress / unfinished, not rejected:
>         [RFA] .gdbinit security (revived) [incl doc]
>         http://sourceware.org/ml/gdb-patches/2010-11/msg00276.html
Thanks, but I'm still stuck ...
Question for the group at large (and it doesn't matter to me which
way we go, I just want to make forward progress ...).
Do we enforce such security concerns in FSF gdb?
And if so, let's get these issues documented (I have a pet peeve
regarding rules/issues that aren't written down).
I see some things are documented (grep for security in gdb.texinfo)
and we do have "remote system-call-allowed", but there's not yet any
mention of libthread_db or autoloading of python code (a quick scan of
the bugzilla didn't reveal anything).
Second,
If we address these security concerns what is the solution?
One proposal is on the table.
[Maintain a list of trusted paths in gdb and have a flag for
permissive/restrictive mode.
If in restrictive mode libthread_db and autoloaded python/gdbinit code
has to come from a trusted path.
I think one could take this further though.]
Last,
Do we need to address this before adding my $pdir patch?
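The proposal on the table (a list of trusted paths plus a permissive/restrictive switch that gates auto-loading of libthread_db, Python scripts and .gdbinit) is easy to get subtly wrong, so here is an added, stand-alone sketch of such a check. It is illustrative code written for this page, not code from the thread, from the $pdir patch, or from GDB itself. Everything in it is an assumption: the class and function names, the colon-separated search-path format, the `libthread_db.so.1` file name, and the reading of `$pdir` as "the directory of the program being debugged" taken from the patch title. The on-disk layout it builds is constructed for the demonstration. The two things a practitioner should take from it are that the candidate path must be canonicalised (symlinks followed) before it is compared against the trusted list, and that a prefix comparison needs a directory boundary, otherwise trusting `/usr/lib` also trusts `/usr/lib-evil`.

```python
"""Trusted-path gate for GDB-style auto-loading (illustrative; not GDB code).

Models the proposal discussed above: a list of trusted directories and a
permissive/restrictive mode.  All names and the `$pdir` semantics are
assumptions made for this example.
"""
import os
import tempfile


def expand_search_path(search_path, program_path):
    """Expand a colon-separated search path.  The `$pdir` entry is replaced
    by the directory of the program being debugged (assumed semantics);
    other entries are taken literally."""
    pdir = os.path.dirname(os.path.realpath(program_path))
    out = []
    for entry in search_path.split(":"):
        if entry == "$pdir":
            out.append(pdir)
        elif entry:
            out.append(entry)
    return out


class AutoloadPolicy:
    def __init__(self, trusted_dirs, restrictive=True):
        # Canonicalise the trusted roots once so a symlinked root still matches.
        self.trusted = [os.path.realpath(d) for d in trusted_dirs]
        self.restrictive = restrictive

    def is_trusted(self, path):
        # Follow symlinks first: a link inside a trusted directory that points
        # outside it must be judged by where it points, not where it sits.
        real = os.path.realpath(path)
        for root in self.trusted:
            if real == root:
                return True
            # os.path.join(root, "") appends a trailing separator, so the
            # prefix test stops /usr/lib from also matching /usr/lib-evil.
            if real.startswith(os.path.join(root, "")):
                return True
        return False

    def may_load(self, path):
        """Decision a loader would consult before dlopen()/source of `path`."""
        if not self.restrictive:
            return True
        return self.is_trusted(path)

    def find_libthread_db(self, search_path, program_path,
                          name="libthread_db.so.1"):
        """Return the first existing, policy-approved candidate, else None."""
        for d in expand_search_path(search_path, program_path):
            cand = os.path.join(d, name)
            if os.path.exists(cand) and self.may_load(cand):
                return cand
        return None


def demo():
    """Build a constructed layout and run the policy against it.

    tmp/sys/libthread_db.so.1   trusted system copy
    tmp/home/prog               program under debug
    tmp/home/libthread_db.so.1  foreign copy sitting next to the program ($pdir)
    tmp/sys/escape.so -> tmp/home/libthread_db.so.1   symlink escaping the root
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        sysdir = os.path.join(tmp, "sys")
        home = os.path.join(tmp, "home")
        os.makedirs(sysdir)
        os.makedirs(home)
        good = os.path.join(sysdir, "libthread_db.so.1")
        foreign = os.path.join(home, "libthread_db.so.1")
        prog = os.path.join(home, "prog")
        for f in (good, foreign, prog):
            open(f, "w").close()
        os.symlink(foreign, os.path.join(sysdir, "escape.so"))

        search = "$pdir:" + sysdir           # $pdir first, as the patch proposes
        strict = AutoloadPolicy([sysdir], restrictive=True)
        loose = AutoloadPolicy([sysdir], restrictive=False)

        def where(p):                        # report only the containing dir name
            return None if p is None else os.path.basename(os.path.dirname(p))

        results["restrictive"] = where(strict.find_libthread_db(search, prog))
        results["permissive"] = where(loose.find_libthread_db(search, prog))
        results["symlink_escape"] = strict.is_trusted(os.path.join(sysdir, "escape.so"))
        results["prefix_boundary"] = strict.is_trusted(os.path.join(tmp, "sys-evil", "x.so"))
        results["nothing_trusted"] = where(AutoloadPolicy([], True).find_libthread_db(search, prog))
    return results


if __name__ == "__main__":
    print(demo())
```

In restrictive mode the copy next to the program is skipped and the system copy is used; in permissive mode the `$pdir` entry wins because it comes first in the search path, which is exactly the situation the security concern above is about. The symlink and `sys-evil` cases show why the comparison must be done on canonical paths with a directory boundary rather than on the raw string.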