[patch] New set auto-load-local-gdbinit + disable it by default

Tom Tromey tromey@redhat.com
Tue Jan 17 20:22:00 GMT 2012 

>>>>> "Eli" == Eli Zaretskii <eliz@gnu.org> writes:

Jan> Still at least the setting should go in and then one can then have
Jan> "set auto-load-local-gdbinit off" at least in ~/.gdbinit.  Anyway I
Jan> would file a FESCo (Fedora Engineering Steering Committee) ticket
Jan> for such "off" in /etc/gdbinit at least in distro and IMHO it needs
Jan> to get approved (but maybe not, it would be another fork from
Jan> upstream).

Eli> I think this is a draconian measure.  It prevents me from having a
Eli> .gdbinit file loaded automatically as appropriate for a program I'm
Eli> debugging.  Prominent examples include GDB itself and Emacs, which
Eli> both come with a .gdbinit file that makes debugging much easier.

Jan> And "gdb -x ./.gdbinit" is a pretty simple way to do what one wants to do.

Eli> "gdb -x .gdbinit" is much longer than just "gdb".

You can also put the setting into your ~/.gdbinit and get the old
behavior back.

I read through this thread and, while I agree that this change is
inconvenient, I think the inconvenience is outweighed by the security
implications.  I consider this to be similar to putting "." in PATH.
We're just lucky that it hasn't been exploited yet (or at least that we
haven't gotten the blame).

Well, I "agree" with it -- I am not happy about it by a long stretch.
I'm tempted by the idea that gdb should be insecure by default and we
should require "-safe"... but on balance this seems irresponsible to me,
as I think that tools should generally be secure by default.

FWIW, I think this patch doesn't go far enough :-(
Some other topics for consideration; perhaps the new option could cover
all such cases.

* Auto-loading of Python code from the filesystem.
  Perhaps we could have a set of trusted directories; but I wonder if
  there are issues with sysroots starting with "remote:".

* Auto-loading of Python code from objfiles.
  Even more dangerous.

* The JIT interface.
  I'm not sure whether this can be exploited or not.

FWIW, I will probably set the new parameter in my own .gdbinit and use
"-safe" in those rare instances that I do something other than debug
programs that I built myself.

Tom

More information about the Gdb-patches mailing list