This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.



Re: [patch] New set auto-load-local-gdbinit + disable it by default


On 1/17/12 1:55 AM, Jan Kratochvil wrote:
> Hi,
>
> this is a patch I have wanted to post for many years.  There was:
> 	[RFA] .gdbinit security (revived) [incl doc]
> 	http://sourceware.org/ml/gdb-patches/2010-11/msg00276.html
> which was a follow-up for its referenced:
> 	RFC: Check permissions of .gdbinit files
> 	http://sourceware.org/ml/gdb-patches/2005-05/msg00637.html
> which was addressing:
> 	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1705

Sorry to come in late on this, but is this *really* an actual problem?


From the tenor of the discussion, I get the impression of willingness to break longstanding development habits for most GNU folks in order to tick off a couple boxes on the security checklist. Before making any specific changes, I think it would be prudent to ping all the groups that have their own .gdbinit files; if they're OK with the changes, then great. Otherwise I think there will be a flood of complaints, and possibly people distributing versions of GDB with the change reverted, which would defeat the purpose. :-)

I would imagine that the people who open tarballs from unknown sources and run GDB on the contents already know about -nx and -x, eh?

Stan

