Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
CAN-2005-1704 and CAN-2005-1705 fixed upstream in 6.3
gdb: multiple vulnerabilities
Posted May 26, 2005 9:18 UTC (Thu) by nix (subscriber, #2304)
A review also showed that by default, gdb insecurely sources initialization files from the working directory.
(Indeed, I see no sign that .gdbinit is sourced from anywhere different now.)
Posted Oct 21, 2005 15:28 UTC (Fri) by smoogen (subscriber, #97)
Not checking that directory is not world-writable
Not checking that file is not world-writable
Not checking that the file is a sym-link
Blindly executing any commands in the source file.
Posted Nov 3, 2005 5:55 UTC (Thu) by JoeBuck (subscriber, #2330)
gdb users should be assumed to be developers who have a clue about what they are doing.
Posted Nov 3, 2005 14:27 UTC (Thu) by jzbiciak (✭ supporter ✭, #5246)
It seems like the shared working area and symlink problems could be solved by sourcing a trusted file in the user's home directory, and placing within that file any customizations on the default security policy.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds