dont load .gdbinit if it is world writable
Mike Frysinger
vapier@gentoo.org
Mon Mar 5 02:38:00 GMT 2007
On Sunday 04 March 2007, Daniel Jacobowitz wrote:
> On Sun, Mar 04, 2007 at 06:08:02PM -0500, Mike Frysinger wrote:
> > attached patch checks to see if the $PWD/.gdbinit file is world writable
> > and if so, warn about this and refuse to load it
> >
> > idea being that since you can execute just about anything in it, you dont
> > want random people inserting this in it
> >
> > of course, the usefulness of this is marginalized if .gdbinit is owned by
> > a diff user and they just make it world readable but not world writable
> > ... but i dont think a cwdbuf.st_uid == getuid() would be accepted ?
>
> You can find my more thorough patch for this in the archives, from
> late May 2006. There was some feedback (to be honest I completely
> don't remember what it was) and I never got back to it. I think Red
> Hat has a different patch for it in their RPMS, too.
ah i had searched but hadnt found that one since it dated so old (June 2005:
RFC: Check permissions of .gdbinit files)
thanks for the pointer
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL: <http://sourceware.org/pipermail/gdb-patches/attachments/20070305/090b62c0/attachment.sig>
More information about the Gdb-patches
mailing list