This is the mail archive of the
gdb-patches@sources.redhat.com
mailing list for the GDB project.
Re: RFC: Check permissions of .gdbinit files
- From: Andreas Schwab <schwab at suse dot de>
- To: gdb-patches at sourceware dot org
- Date: Tue, 31 May 2005 00:29:24 +0200
- Subject: Re: RFC: Check permissions of .gdbinit files
- References: <20050530185201.GA29332@nevyn.them.org>
Daniel Jacobowitz <drow@false.org> writes:
> Gentoo recently published a security update for GDB, citing the fact that
> GDB would load .gdbinit from the current directory even if that was owned by
> another user. I'm not sure how I feel about running GDB in an untrusted
> directory or on untrusted binaries and expecting it to behave sensibly, but
> this particular issue is easy to fix. Here's my suggested fix; it's not the
> same as Gentoo's. If .gdbinit is world writable or owned by a different
> user, refuse to open it (and warn the user).
>
> Anyone have opinions on this change?
IMHO you should at least allow the same group owner.
Andreas.
--
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."