RFC: Change readelf/objdump to automatically follow debug links
Nick Clifton
nickc@redhat.com
Fri Feb 12 11:17:34 GMT 2021
Hi Florian,
>> The patch adds a new configure time option
>> --enable-follow-debugs-links=[yes|no] which can be used to set the
>> default behaviour for both objdump and readelf. If the option is
>> not used, the default is to follow the links.
>
> What happens if the debuglink contains '/'? Maybe it's prudent to
> restrict loading of debuginfo data if it comes from the system default
> location.
Hmm, this could pose problems. There are binaries with debug-links that
use absolute paths that are not rooted in system directories, but which
are still valid. For example see:
https://sourceware.org/bugzilla/show_bug.cgi?id=27391
Is there really a problem with following these paths ? Could an attacker
really exploit this somehow ?
Cheers
Nick
More information about the Binutils
mailing list