This is the mail archive of the gdb-patches@sources.redhat.com mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: RFC: Check permissions of .gdbinit files


   Date: Mon, 30 May 2005 14:52:01 -0400
   From: Daniel Jacobowitz <drow@false.org>

   Gentoo recently published a security update for GDB, citing the fact that
   GDB would load .gdbinit from the current directory even if that was owned by
   another user.  I'm not sure how I feel about running GDB in an untrusted
   directory or on untrusted binaries and expecting it to behave sensibly, but
   this particular issue is easy to fix.  Here's my suggested fix; it's not the
   same as Gentoo's.  If .gdbinit is world writable or owned by a different
   user, refuse to open it (and warn the user).

   Anyone have opinions on this change?

What does vi do with respect to .exrc?  It might make sense to follow
its example.

Mark


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]