gdb: multiple vulnerabilities
Posted Nov 3, 2005 5:55 UTC (Thu) by JoeBuck
In reply to: gdb: multiple vulnerabilities
Parent article: gdb: multiple vulnerabilities
Just the same, gdb is a special case, and developers may need the ability to set up a complicated environment from a .gdbinit file, and this may include executing fairly arbitrary commands. The file is only read, not written, so there is no special reason to be suspicious of a symbolic link (in fact, it is quite likely that a symbolic link would be used in cases where parallel trees are used to produce code for multiple platforms using separate object trees for each).
gdb users should be assumed to be developers who have a clue about what they are doing.
to post comments)