[RFA] Add $pdir as entry for libthread-db-search-path.
Jan Kratochvil
jan.kratochvil@redhat.com
Mon May 2 19:15:00 GMT 2011
On Sun, 01 May 2011 20:34:02 +0200, Doug Evans wrote:
> 1) This is a patch for the FSF tree, not Fedora.
> If this kind of security concern is the rule for the FSF tree
As both libthread_db and pretty printers have the same attack surface (*) as
DWARF expression overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4146
where this CVE lists all public GNU/Linux vendors I do not think such security
requirement is Fedora specific.
(*) That is a foreign binary which is enough to just load into GDB.
OTOH the other attack
.gdbinit current directory execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1705
also lists multiple GNU/Linux vendors and the issue is not yet fixed in FSF
GDB. But this is IMO just still work in prograss / unfinished, not rejected:
[RFA] .gdbinit security (revived) [incl doc]
http://sourceware.org/ml/gdb-patches/2010-11/msg00276.html
Thanks,
Jan
More information about the Gdb-patches
mailing list