[RFA] Add $pdir as entry for libthread-db-search-path.

[Tom Tromey]

>>>>> "Doug" == Doug Evans <dje@google.com> writes:

Doug> Thanks, but I'm still stuck ...

I have gone back and forth on this a few times.

On the one hand, I think people running gdb on an untrusted executable
are acting naively.  I think this is true even for a python-less build
using -nx -- I just don't think gdb or bfd has had enough scrutiny along
these lines to warrant trust.

On the other hand, I think it makes sense to aim for trustworthiness as
a goal, because gdb is a powerful tool for inspecting executables.

I think my overall preference would be for gdb to run securely by
default, with some runtime settings to let users override this.

Also I don't have any problem recognizing that different organizations
build gdb in different ways for their own reasons, and making
accommodations for that.  That is, a configure option to make $pdir the
default seems fine to me, if you want something like that.

Doug> Question for the group at large (and I it doesn't matter to me which
Doug> way we go, I just want to make forward progress ...).
Doug> Do we enforce such security concerns in FSF gdb?

IMO, yes.

Doug> Second,
Doug> If we address these security concerns what is the solution?
Doug> One proposal is on the table.
Doug> [Maintain a list of trusted paths in gdb and have a flag for
Doug> permissive/restrictive mode.
Doug> If in restrictive mode libthread_db and autoloaded python/gdbinit code
Doug> has to come from a trusted path.
Doug> I think one could take this further though.]

It seems reasonable to me.

Doug> Last,
Doug> Do we need to address this before adding my $pdir patch?

IMO, no, but it would be nicer that way.

Tom