This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [patch] New set auto-load-local-gdbinit + disable it by default
It's become really hard, at least for me, to focus on this discussion.
We started from discussing about the local .gdbinit file to everything
auto-loaded is unsafe. I see why the latter was discussed, and how it
was useful, so this is not a criticism.
After having read everyone's emails so far, my stance on this is:
. About reading the .gdbinit file in the current directory:
It's a question of how seriously the security weakness should be
taken. I confess I have a hard time taking them seriously, but
I know I am probably too naive. This is a feature that I could
personally live without, and therefore will not oppose its removal.
I would like to propose the following, however, to help the users
who want to continue relying on it. I am happy to implement it
if necessary:
Provide a new command that would read the .gdbinit file in
the current working directory if present, and do nothing
otherwise. I would like to provide options that select
between loading silently, and loading with a warning first,
and why not, asking before loading.
The idea is that the user who would like to preserve
the old behavior can put that command in his $HOME/.gdbinit
file.
. To me, it is extremely important that system-gdbinit is still
automatically loaded. The system gdbinit file is there to help
the user setup his debugging session. It should be considered
as trusted, and I oppose a change that would stop is automatic
loading. The language is strong, but it does not mean that
I have veto right - so if I am outvoted, so be it.
. About the auto-loading of Python code: I think that the cost
of removing the auto-loading, even if it is only for non-trusted
directories, would be too high. I would prefer if it discussed
this separately after the .gdbinit issue has been resolved.
--
Joel