This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [patch] New set auto-load-local-gdbinit + disable it by default


It's become really hard, at least for me, to focus on this discussion.
We started from discussing about the local .gdbinit file to everything
auto-loaded is unsafe. I see why the latter was discussed, and how it
was useful, so this is not a criticism.

After having read everyone's emails so far, my stance on this is:

  . About reading the .gdbinit file in the current directory:
    It's a question of how seriously the security weakness should be
    taken. I confess I have a hard time taking them seriously, but
    I know I am probably too naive.  This is a feature that I could
    personally live without, and therefore will not oppose its removal.

    I would like to propose the following, however, to help the users
    who want to continue relying on it. I am happy to implement it
    if necessary:

        Provide a new command that would read the .gdbinit file in
        the current working directory if present, and do nothing
        otherwise.  I would like to provide options that select
        between loading silently, and loading with a warning first,
        and why not, asking before loading.

        The idea is that the user who would like to preserve
        the old behavior can put that command in his $HOME/.gdbinit
        file.

  . To me, it is extremely important that system-gdbinit is still
    automatically loaded. The system gdbinit file is there to help
    the user setup his debugging session. It should be considered
    as trusted, and I oppose a change that would stop is automatic
    loading. The language is strong, but it does not mean that
    I have veto right - so if I am outvoted, so be it.

  . About the auto-loading of Python code: I think that the cost
    of removing the auto-loading, even if it is only for non-trusted
    directories, would be too high. I would prefer if it discussed
    this separately after the .gdbinit issue has been resolved.

-- 
Joel


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]