http://sourceware.org/ml/gdb-patches/2012-05/msg00477.html
|
|
Subject: [patch+doc 2/2] auto-load: Fix default /usr/lib/debug/ loading
|
|
|
|
Hi,
|
|
|
|
with recent security fix to use only $datadir/auto-load/ directory instead of
|
|
anything under $prefix/ (which contains insecure $prefix/tmp/ etc.) it
|
|
introduced a regression that GDB's default --with-separate-debug-dir would no
|
|
longer be secure; which IMO can be assumed as secure. This is because
|
|
I forgot to move into 'set auto-load scripts-directory' (and 'safe-path') also
|
|
debug-file-directory; besides $datadir/auto-load which I have moved there.
|
|
|
|
To also solve the problem with relocatability and make it configurable I just
|
|
introduce besides $datadir now also $debugdir and add it into
|
|
default 'set auto-load scripts-directory'. It also IMO makes it more clear
|
|
what everything is being auto-loaded in:
|
|
|
|
(gdb) show auto-load
|
|
gdb-scripts: Auto-loading of canned sequences of commands scripts is on.
|
|
libthread-db: Auto-loading of inferior specific libthread_db is on.
|
|
local-gdbinit: Auto-loading of .gdbinit script from current directory is on.
|
|
python-scripts: Auto-loading of Python scripts is on.
|
|
safe-path: List of directories from which it is safe to auto-load files is $debugdir:$datadir/auto-load.
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
scripts-directory: List of directories from which to load auto-loaded scripts is $debugdir:$datadir/auto-load.
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
No regressions on {x86_64,x86_64-m32,i686}-fedora17-linux-gnu.
|
|
|
|
I find it more just a bugfix of a regression by myself.
|
|
|
|
|
|
Thanks,
|
|
Jan
|
|
|
|
|
|
gdb/
|
|
2012-05-12 Jan Kratochvil <jan.kratochvil@redhat.com>
|
|
|
|
* NEWS (--with-auto-load-dir): Prepend $debugdir to the default path.
|
|
Describe it.
|
|
* auto-load.c (auto_load_expand_dir_vars): New function.
|
|
(auto_load_safe_path_vec_update): Use it, remove the
|
|
substitute_path_component call thanks to it.
|
|
(auto_load_objfile_script): Remove the debug_file_directory processing.
|
|
Use auto_load_expand_dir_vars, remove the substitute_path_component
|
|
call thanks to it.
|
|
* configure: Regenerate.
|
|
* configure.ac (--with-auto-load-dir): Prepend $debugdir to the default
|
|
path. Escape $ also for $debugdir.
|
|
(--with_auto_load_safe_path): Escape $ also for $debugdir.
|
|
* utils.c (substitute_path_component): Accept also DIRNAME_SEPARATOR.
|
|
|
|
gdb/doc/
|
|
2012-05-12 Jan Kratochvil <jan.kratochvil@redhat.com>
|
|
|
|
* gdb.texinfo (Separate Debug Files): New anchor debug-file-directory.
|
|
Mention also --with-separate-debug-dir.
|
|
(Auto-loading): Prepend $debugdir in the sample output.
|
|
(Auto-loading safe path): Likewise. Mention also $debugdir for the
|
|
auto-load safe-path variable.
|
|
(objfile-gdb.py file): Remove the extra debug-file-directory paragraph.
|
|
Mention also $debugdir for 'set auto-load scripts-directory'.
|
|
|
|
Index: gdb-7.4.50.20120120/gdb/NEWS
|
|
===================================================================
|
|
--- gdb-7.4.50.20120120.orig/gdb/NEWS 2012-05-14 14:24:20.000000000 +0200
|
|
+++ gdb-7.4.50.20120120/gdb/NEWS 2012-05-14 14:24:49.510422485 +0200
|
|
@@ -317,8 +317,10 @@ show trace-stop-notes
|
|
|
|
--with-auto-load-dir
|
|
Configure default value for the 'set auto-load scripts-directory'
|
|
- setting above. It defaults to '$datadir/auto-load', $datadir
|
|
- representing GDB's data directory (available via show data-directory).
|
|
+ setting above. It defaults to '$debugdir:$datadir/auto-load',
|
|
+ $debugdir representing global debugging info directories (available
|
|
+ via 'show debug-file-directory') and $datadir representing GDB's data
|
|
+ directory (available via 'show data-directory').
|
|
|
|
--with-auto-load-safe-path
|
|
Configure default value for the 'set auto-load safe-path' setting
|
|
Index: gdb-7.4.50.20120120/gdb/auto-load.c
|
|
===================================================================
|
|
--- gdb-7.4.50.20120120.orig/gdb/auto-load.c 2012-05-14 14:24:20.000000000 +0200
|
|
+++ gdb-7.4.50.20120120/gdb/auto-load.c 2012-05-14 14:24:49.511422483 +0200
|
|
@@ -147,6 +147,30 @@ static char *auto_load_safe_path;
|
|
counterpart. */
|
|
static VEC (char_ptr) *auto_load_safe_path_vec;
|
|
|
|
+/* Expand $datadir and $debugdir in STRING according to the rules of
|
|
+ substitute_path_component. Return vector from dirnames_to_char_ptr_vec,
|
|
+ this vector must be freed by free_char_ptr_vec by the caller. */
|
|
+
|
|
+static VEC (char_ptr) *
|
|
+auto_load_expand_dir_vars (const char *string)
|
|
+{
|
|
+ VEC (char_ptr) *dir_vec;
|
|
+ char *s;
|
|
+
|
|
+ s = xstrdup (string);
|
|
+ substitute_path_component (&s, "$datadir", gdb_datadir);
|
|
+ substitute_path_component (&s, "$debugdir", debug_file_directory);
|
|
+
|
|
+ if (debug_auto_load && strcmp (s, string) != 0)
|
|
+ fprintf_unfiltered (gdb_stdlog,
|
|
+ _("auto-load: Expanded $-variables to \"%s\".\n"), s);
|
|
+
|
|
+ dir_vec = dirnames_to_char_ptr_vec (s);
|
|
+ xfree(s);
|
|
+
|
|
+ return dir_vec;
|
|
+}
|
|
+
|
|
/* Update auto_load_safe_path_vec from current AUTO_LOAD_SAFE_PATH. */
|
|
|
|
static void
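Review bot: The header comment on `auto_load_expand_dir_vars` does not say that the substitution is purely textual and happens before the string is split into a list, which matters because `debug_file_directory` is itself a separator-delimited list (the code removed from `auto_load_objfile_script` split it with `dirnames_to_char_ptr_vec`). An entry such as `$debugdir/sub` would therefore expand to `dir1:dir2/sub`, with the suffix applied only to the last directory, and an empty `debug-file-directory` would leave an empty component at the front of the list; how the safe-path matcher treats an empty entry is not visible in this patch and is worth confirming, since this vector decides which files are trusted for auto-loading. I would extend the comment with `$debugdir may expand to several directories or to nothing; every resulting entry is used as-is.` As a minor style point, `xfree(s);` should be `xfree (s);` to match the rest of the file.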
|
|
@@ -163,7 +187,7 @@ auto_load_safe_path_vec_update (void)
|
|
|
|
free_char_ptr_vec (auto_load_safe_path_vec);
|
|
|
|
- auto_load_safe_path_vec = dirnames_to_char_ptr_vec (auto_load_safe_path);
|
|
+ auto_load_safe_path_vec = auto_load_expand_dir_vars (auto_load_safe_path);
|
|
len = VEC_length (char_ptr, auto_load_safe_path_vec);
|
|
|
|
/* Apply tilde_expand and gdb_realpath to each AUTO_LOAD_SAFE_PATH_VEC
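Review bot: With this change `auto_load_safe_path_vec` holds a snapshot of `debug_file_directory` and `gdb_datadir` taken when the update runs, whereas `auto_load_objfile_script` re-expands `auto_load_dir` on every lookup. Nothing visible in the patch re-runs `auto_load_safe_path_vec_update` after `set debug-file-directory` or `set data-directory`, so the trusted list could keep a directory the user has since replaced and decline the new one. If no such hook exists elsewhere, either call the update from those setters or record the limitation above the assignment: `/* Expansion uses the current debug_file_directory and gdb_datadir; re-run after either changes.  */`. The function starts before and continues past this hunk.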
|
|
@@ -171,16 +195,10 @@ auto_load_safe_path_vec_update (void)
|
|
for (ix = 0; ix < len; ix++)
|
|
{
|
|
char *dir = VEC_index (char_ptr, auto_load_safe_path_vec, ix);
|
|
- char *ddir_subst, *expanded, *real_path;
|
|
-
|
|
- ddir_subst = xstrdup (dir);
|
|
- substitute_path_component (&ddir_subst, "$datadir", gdb_datadir);
|
|
- expanded = tilde_expand (ddir_subst);
|
|
- xfree (ddir_subst);
|
|
- real_path = gdb_realpath (expanded);
|
|
+ char *expanded = tilde_expand (dir);
|
|
+ char *real_path = gdb_realpath (expanded);
|
|
|
|
- /* Ensure the current entry is at least a valid path (therefore
|
|
- $datadir-expanded and tilde-expanded). */
|
|
+ /* Ensure the current entry is at least tilde_expand-ed. */
|
|
VEC_replace (char_ptr, auto_load_safe_path_vec, ix, expanded);
|
|
|
|
if (debug_auto_load)
|
|
@@ -645,42 +663,6 @@ auto_load_objfile_script (struct objfile
|
|
|
|
if (!input)
|
|
{
|
|
- char *debugdir;
|
|
- VEC (char_ptr) *debugdir_vec;
|
|
- int ix;
|
|
-
|
|
- debugdir_vec = dirnames_to_char_ptr_vec (debug_file_directory);
|
|
- make_cleanup_free_char_ptr_vec (debugdir_vec);
|
|
-
|
|
- if (debug_auto_load)
|
|
- fprintf_unfiltered (gdb_stdlog,
|
|
- _("auto-load: Searching 'set debug-file-directory' "
|
|
- "path \"%s\".\n"),
|
|
- debug_file_directory);
|
|
-
|
|
- for (ix = 0; VEC_iterate (char_ptr, debugdir_vec, ix, debugdir); ++ix)
|
|
- {
|
|
- /* Also try the same file in the separate debug info directory. */
|
|
- debugfile = xmalloc (strlen (debugdir) + strlen (filename) + 1);
|
|
- strcpy (debugfile, debugdir);
|
|
-
|
|
- /* FILENAME is absolute, so we don't need a "/" here. */
|
|
- strcat (debugfile, filename);
|
|
-
|
|
- make_cleanup (xfree, debugfile);
|
|
- input = fopen (debugfile, "r");
|
|
- if (debug_auto_load)
|
|
- fprintf_unfiltered (gdb_stdlog, _("auto-load: Attempted file "
|
|
- "\"%s\" %s.\n"),
|
|
- debugfile,
|
|
- input ? _("exists") : _("does not exist"));
|
|
- if (input != NULL)
|
|
- break;
|
|
- }
|
|
- }
|
|
-
|
|
- if (!input)
|
|
- {
|
|
VEC (char_ptr) *vec;
|
|
int ix;
|
|
char *dir;
|
|
@@ -688,7 +670,7 @@ auto_load_objfile_script (struct objfile
|
|
/* Also try the same file in a subdirectory of gdb's data
|
|
directory. */
|
|
|
|
- vec = dirnames_to_char_ptr_vec (auto_load_dir);
|
|
+ vec = auto_load_expand_dir_vars (auto_load_dir);
|
|
make_cleanup_free_char_ptr_vec (vec);
|
|
|
|
if (debug_auto_load)
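Review bot: The context comment `Also try the same file in a subdirectory of gdb's data directory.` is stale now that `auto_load_dir` also expands `$debugdir`, so the search covers the separate debug-info directories as well. Suggest rewording it to `/* Also try the same file under each 'set auto-load scripts-directory' entry, with $debugdir and $datadir expanded.  */`. The enclosing block of `auto_load_objfile_script` begins and ends outside this hunk.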
|
|
@@ -698,10 +680,8 @@ auto_load_objfile_script (struct objfile
|
|
|
|
for (ix = 0; VEC_iterate (char_ptr, vec, ix, dir); ++ix)
|
|
{
|
|
- debugfile = xstrdup (dir);
|
|
- substitute_path_component (&debugfile, "$datadir", gdb_datadir);
|
|
- debugfile = xrealloc (debugfile, (strlen (debugfile)
|
|
- + strlen (filename) + 1));
|
|
+ debugfile = xmalloc (strlen (dir) + strlen (filename) + 1);
|
|
+ strcpy (debugfile, dir);
|
|
|
|
/* FILENAME is absolute, so we don't need a "/" here. */
|
|
strcat (debugfile, filename);
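Review bot: The new `xmalloc`/`strcpy` pair plus the following `strcat` hand-computes the buffer size for a plain two-string join; the arithmetic is correct, but libiberty's `concat` does the same in one call with no length bookkeeping to get wrong in a later edit: `debugfile = concat (dir, filename, (char *) NULL);`. The existing `FILENAME is absolute` comment can stay above it. The loop body continues outside this hunk, so the cleanup of `debugfile` is assumed to be unchanged.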
|
|
Index: gdb-7.4.50.20120120/gdb/configure
|
|
===================================================================
|
|
--- gdb-7.4.50.20120120.orig/gdb/configure 2012-05-14 14:24:38.000000000 +0200
|
|
+++ gdb-7.4.50.20120120/gdb/configure 2012-05-14 14:24:55.856409977 +0200
|
|
@@ -1670,7 +1670,7 @@ Optional Packages:
|
|
def. auto=librpm.so)
|
|
--with-auto-load-dir=PATH
|
|
directories from which to load auto-loaded scripts
|
|
- [$datadir/auto-load]
|
|
+ [$debugdir:$datadir/auto-load]
|
|
--with-auto-load-safe-path=PATH
|
|
directories safe to hold auto-loaded files
|
|
[--with-auto-load-dir]
|
|
@@ -8494,10 +8494,10 @@ $as_echo_n "checking for default auto-lo
|
|
if test "${with_auto_load_dir+set}" = set; then :
|
|
withval=$with_auto_load_dir;
|
|
else
|
|
- with_auto_load_dir='$datadir/auto-load'
|
|
+ with_auto_load_dir='$debugdir:$datadir/auto-load'
|
|
fi
|
|
|
|
-escape_dir=`echo $with_auto_load_dir | sed 's/[$]datadir\>/\\\\\\\\\\\\&/g'`
|
|
+escape_dir=`echo $with_auto_load_dir | sed 's/[$]\(datadir\|debugdir\)\>/\\\\\\\\\\\\&/g'`
|
|
|
|
test "x$prefix" = xNONE && prefix="$ac_default_prefix"
|
|
test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
|
|
@@ -8524,7 +8524,7 @@ else
|
|
with_auto_load_safe_path="$with_auto_load_dir"
|
|
fi
|
|
|
|
-escape_dir=`echo $with_auto_load_safe_path | sed 's/[$]datadir\>/\\\\\\\\\\\\&/g'`
|
|
+escape_dir=`echo $with_auto_load_safe_path | sed 's/[$]\(datadir\|debugdir\)\>/\\\\\\\\\\\\&/g'`
|
|
|
|
test "x$prefix" = xNONE && prefix="$ac_default_prefix"
|
|
test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
|
|
Index: gdb-7.4.50.20120120/gdb/configure.ac
|
|
===================================================================
|
|
--- gdb-7.4.50.20120120.orig/gdb/configure.ac 2012-05-14 14:24:20.000000000 +0200
|
|
+++ gdb-7.4.50.20120120/gdb/configure.ac 2012-05-14 14:24:49.515422477 +0200
|
|
@@ -342,9 +342,9 @@ fi
|
|
AC_MSG_CHECKING([for default auto-load directory])
|
|
AC_ARG_WITH(auto-load-dir,
|
|
AS_HELP_STRING([--with-auto-load-dir=PATH],
|
|
- [directories from which to load auto-loaded scripts @<:@$datadir/auto-load@:>@]),,
|
|
- [with_auto_load_dir='$datadir/auto-load'])
|
|
-escape_dir=`echo $with_auto_load_dir | sed 's/[[$]]datadir\>/\\\\\\\\\\\\&/g'`
|
|
+ [directories from which to load auto-loaded scripts @<:@$debugdir:$datadir/auto-load@:>@]),,
|
|
+ [with_auto_load_dir='$debugdir:$datadir/auto-load'])
|
|
+escape_dir=`echo $with_auto_load_dir | sed 's/[[$]]\(datadir\|debugdir\)\>/\\\\\\\\\\\\&/g'`
|
|
AC_DEFINE_DIR(AUTO_LOAD_DIR, escape_dir,
|
|
[Directories from which to load auto-loaded scripts.])
|
|
AC_MSG_RESULT([$with_auto_load_dir])
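Review bot: The new `sed` expression at both `escape_dir=` assignments (here and in the `--with-auto-load-safe-path` hunk below) relies on `\|` alternation inside a basic regular expression, which is a GNU extension rather than POSIX. On a `sed` without it the pattern would presumably match nothing, leaving `$datadir` and `$debugdir` unescaped, so the compiled-in default scripts directory and safe path could differ from what the documentation promises. Two plain expressions avoid that: `sed -e 's/[[$]]datadir\>/REPL/g' -e 's/[[$]]debugdir\>/REPL/g'`, where REPL stands for the existing backslash replacement. `\>` was already in use before this change and carries the same portability caveat.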
|
|
@@ -359,7 +359,7 @@ AS_HELP_STRING([--without-auto-load-safe
|
|
with_auto_load_safe_path="/"
|
|
fi],
|
|
[with_auto_load_safe_path="$with_auto_load_dir"])
|
|
-escape_dir=`echo $with_auto_load_safe_path | sed 's/[[$]]datadir\>/\\\\\\\\\\\\&/g'`
|
|
+escape_dir=`echo $with_auto_load_safe_path | sed 's/[[$]]\(datadir\|debugdir\)\>/\\\\\\\\\\\\&/g'`
|
|
AC_DEFINE_DIR(AUTO_LOAD_SAFE_PATH, escape_dir,
|
|
[Directories safe to hold auto-loaded files.])
|
|
AC_MSG_RESULT([$with_auto_load_safe_path])
|
|
Index: gdb-7.4.50.20120120/gdb/doc/gdb.texinfo
|
|
===================================================================
|
|
--- gdb-7.4.50.20120120.orig/gdb/doc/gdb.texinfo 2012-05-14 14:24:20.000000000 +0200
|
|
+++ gdb-7.4.50.20120120/gdb/doc/gdb.texinfo 2012-05-14 14:24:49.520422467 +0200
|
|
@@ -16028,8 +16028,11 @@ debug information files, in the indicate
|
|
@file{/usr/lib/debug/usr/bin/ls.debug}.
|
|
@end itemize
|
|
|
|
-You can set the global debugging info directories, and view the
|
|
-list @value{GDBN} is currently using.
|
|
+@anchor{debug-file-directory}
|
|
+Global debugging info directories default to what is set by @value{GDBN}
|
|
+configure option @option{--with-separate-debug-dir}. During @value{GDBN} run
|
|
+you can also set the global debugging info directories, and view the list
|
|
+@value{GDBN} is currently using.
|
|
|
|
@table @code
|
|
|
|
@@ -20807,9 +20810,9 @@ local-gdbinit: Auto-loading of .gdbinit
|
|
is on.
|
|
python-scripts: Auto-loading of Python scripts is on.
|
|
safe-path: List of directories from which it is safe to auto-load files
|
|
- is $datadir/auto-load.
|
|
+ is $debugdir:$datadir/auto-load.
|
|
scripts-directory: List of directories from which to load auto-loaded scripts
|
|
- is $datadir/auto-load.
|
|
+ is $debugdir:$datadir/auto-load.
|
|
@end smallexample
|
|
|
|
@anchor{info auto-load}
|
|
@@ -21025,9 +21028,11 @@ get loaded:
|
|
$ ./gdb -q ./gdb
|
|
Reading symbols from /home/user/gdb/gdb...done.
|
|
warning: File "/home/user/gdb/gdb-gdb.gdb" auto-loading has been
|
|
- declined by your `auto-load safe-path' set to "$datadir/auto-load".
|
|
+ declined by your `auto-load safe-path' set
|
|
+ to "$debugdir:$datadir/auto-load".
|
|
warning: File "/home/user/gdb/gdb-gdb.py" auto-loading has been
|
|
- declined by your `auto-load safe-path' set to "$datadir/auto-load".
|
|
+ declined by your `auto-load safe-path' set
|
|
+ to "$debugdir:$datadir/auto-load".
|
|
@end smallexample
|
|
|
|
The list of trusted directories is controlled by the following commands:
|
|
@@ -21060,11 +21065,10 @@ host platform path separator in use.
|
|
@end table
|
|
|
|
This variable defaults to what @code{--with-auto-load-dir} has been configured
|
|
-to (@pxref{with-auto-load-dir}). @file{$datadir} substituation applies the same
|
|
-as for @xref{set auto-load scripts-directory}.
|
|
-The default @code{set
|
|
-auto-load safe-path} value can be also overriden by @value{GDBN} configuration
|
|
-option @option{--with-auto-load-safe-path}.
|
|
+to (@pxref{with-auto-load-dir}). @file{$debugdir} and @file{$datadir}
|
|
+substituation applies the same as for @xref{set auto-load scripts-directory}.
|
|
+The default @code{set auto-load safe-path} value can be also overriden by
|
|
+@value{GDBN} configuration option @option{--with-auto-load-safe-path}.
|
|
|
|
Setting this variable to @file{/} disables this security protection,
|
|
corresponding @value{GDBN} configuration option is
|
|
@@ -25158,12 +25162,7 @@ that the file name is absolute, followin
|
|
@code{.} and @code{..} components. If this file exists and is
|
|
readable, @value{GDBN} will evaluate it as a Python script.
|
|
|
|
-If this file does not exist, and if the parameter
|
|
-@code{debug-file-directory} is set (@pxref{Separate Debug Files}),
|
|
-then @value{GDBN} will look for @var{script-name} in all of the
|
|
-directories mentioned in the value of @code{debug-file-directory}.
|
|
-
|
|
-Finally, if this file does not exist, then @value{GDBN} will look for
|
|
+If this file does not exist, then @value{GDBN} will look for
|
|
@var{script-name} file in all of the directories as specified below.
|
|
|
|
Note that loading of this script file also requires accordingly configured
|
|
@@ -25181,12 +25180,14 @@ Each entry here needs to be covered also
|
|
@code{set auto-load safe-path} (@pxref{set auto-load safe-path}).
|
|
|
|
@anchor{with-auto-load-dir}
|
|
-This variable defaults to @file{$datadir/auto-load}. The default @code{set
|
|
-auto-load safe-path} value can be also overriden by @value{GDBN} configuration
|
|
-option @option{--with-auto-load-dir}.
|
|
-
|
|
-Any used string @file{$datadir} will get replaced by @var{data-directory} which
|
|
-is determined at @value{GDBN} startup (@pxref{Data Files}). @file{$datadir}
|
|
+This variable defaults to @file{$debugdir:$datadir/auto-load}. The default
|
|
+@code{set auto-load safe-path} value can be also overriden by @value{GDBN}
|
|
+configuration option @option{--with-auto-load-dir}.
|
|
+
|
|
+Any used string @file{$debugdir} will get replaced by @var{debug-file-directory}
|
|
+value (@pxref{Separate Debug Files}) and any used string @file{$datadir} will
|
|
+get replaced by @var{data-directory} which is determined at @value{GDBN} startup
|
|
+(@pxref{Data Files}). @file{$debugdir} and @file{$datadir}
|
|
must be placed as a directory component --- either alone or delimited by
|
|
@file{/} or @file{\} directory separators, depending on the host platform.
|
|
|
|
Index: gdb-7.4.50.20120120/gdb/utils.c
|
|
===================================================================
|
|
--- gdb-7.4.50.20120120.orig/gdb/utils.c 2012-05-14 14:24:11.000000000 +0200
|
|
+++ gdb-7.4.50.20120120/gdb/utils.c 2012-05-14 14:24:49.521422465 +0200
|
|
@@ -3927,8 +3927,8 @@ dirnames_to_char_ptr_vec (const char *di
|
|
|
|
/* Substitute all occurences of string FROM by string TO in *STRINGP. *STRINGP
|
|
must come from xrealloc-compatible allocator and it may be updated. FROM
|
|
- needs to be delimited by IS_DIR_SEPARATOR (or be located at the start or
|
|
- end of *STRINGP. */
|
|
+ needs to be delimited by IS_DIR_SEPARATOR or DIRNAME_SEPARATOR (or be
|
|
+ located at the start or end of *STRINGP. */
|
|
|
|
void
|
|
substitute_path_component (char **stringp, const char *from, const char *to)
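Review bot: The updated comment above `substitute_path_component` still leaves its parenthesis unclosed, so it is unclear whether the start-or-end-of-string case is an alternative to both separator kinds. Suggest ending it `IS_DIR_SEPARATOR or DIRNAME_SEPARATOR (or be located at the start or end of *STRINGP).` It would also help to state why DIRNAME_SEPARATOR is accepted, namely so that a variable can be one element of a path list such as `$debugdir:$datadir/auto-load`. The function body is outside this hunk.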
|
|
@@ -3943,8 +3943,10 @@ substitute_path_component (char **string
|
|
if (s == NULL)
|
|
break;
|
|
|
|
- if ((s == string || IS_DIR_SEPARATOR (s[-1]))
|
|
- && (s[from_len] == '\0' || IS_DIR_SEPARATOR (s[from_len])))
|
|
+ if ((s == string || IS_DIR_SEPARATOR (s[-1])
|
|
+ || s[-1] == DIRNAME_SEPARATOR)
|
|
+ && (s[from_len] == '\0' || IS_DIR_SEPARATOR (s[from_len])
|
|
+ || s[from_len] == DIRNAME_SEPARATOR))
|
|
{
|
|
char *string_new;
|
|
|