This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [RFA] Add $pdir as entry for libthread-db-search-path.

On Fri, 29 Apr 2011 18:49:09 +0200, Doug Evans wrote:
> On Fri, Apr 29, 2011 at 5:36 AM, Jan Kratochvil <jan.kratochvil@redhat.com> wrote:
> > This is insecure default. ÂIt is something like the FSF GDB insecure .gdbinit
> > behavior which many distros (at least Fedora but even others) have to patch.
> 
> Does Fedora turn off the autoloading of python?

No.

> How do your pretty printers Just Work?
> [Or maybe you only autoload if the directory is in $prefix/lib/debug
> or some such?]

You are right it is a security hole, I have not tracked to Python autoloading
much.  It should get CVE and security errata assigned as it is the same
category of a security breach as was:
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4146


> Plus I wonder how easy it would be to build a program that used an
> accompanying libpthread that didn't match the system libthread_db -
> gdb would then pick the accompanying libthread_db.  Or does Fedora not
> ever look in the directory of libpthread for its libthread_db?

This may be also a security exploit I did not catch.


Thanks,
Jan
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]