[patch] New set auto-load-local-gdbinit + disable it by default
Stan Shebs
stanshebs@earthlink.net
Tue Jan 24 00:33:00 GMT 2012
On 1/17/12 1:55 AM, Jan Kratochvil wrote:
> Hi,
>
> this is a patch I have wanted to post for many years. There was:
> [RFA] .gdbinit security (revived) [incl doc]
> http://sourceware.org/ml/gdb-patches/2010-11/msg00276.html
> which was a follow-up for its referenced:
> RFC: Check permissions of .gdbinit files
> http://sourceware.org/ml/gdb-patches/2005-05/msg00637.html
> which was addressing:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1705

Sorry to come in late on this, but is this *really* an actual problem?
From the tenor of the discussion, I get the impression of willingness
to break longstanding development habits for most GNU folks in order to
tick off a couple boxes on the security checklist. Before making any
specific changes, I think it would be prudent to ping all the groups
that have their own .gdbinit files; if they're OK with the changes, then
great. Otherwise I think there will be a flood of complaints, and
possibly people distributing versions of GDB with the change reverted,
which would defeat the purpose. :-)

I would imagine that the people who open tarballs from unknown sources
and run GDB on the contents already know about -nx and -x, eh?

Stan