|
yann@570
|
1 |
Original patch from gentoo: gentoo/src/patchsets/gdb/6.8/35_all_gdb-6.3-security-errata-20050610.patch
|
|
yann@570
|
2 |
-= BEGIN original header =-
|
|
yann@570
|
3 |
2005-06-09 Jeff Johnston <jjohnstn@redhat.com>
|
|
yann@570
|
4 |
|
|
yann@570
|
5 |
* gdb.base/gdbinit.exp: New testcase.
|
|
yann@570
|
6 |
* gdb.base/gdbinit.sample: Sample .gdbinit for gdbinit.exp.
|
|
yann@570
|
7 |
|
|
yann@570
|
8 |
2005-06-08 Daniel Jacobowitz <dan@codesourcery.com>
|
|
yann@570
|
9 |
Jeff Johnston <jjohnstn@redhat.com>
|
|
yann@570
|
10 |
|
|
yann@570
|
11 |
* Makefile.in (cli-cmds.o): Update.
|
|
yann@570
|
12 |
* configure.in: Add check for getuid.
|
|
yann@570
|
13 |
* configure: Regenerated.
|
|
yann@570
|
14 |
* config.in: Ditto.
|
|
yann@570
|
15 |
* main.c (captured_main): Pass -1 to source_command when loading
|
|
yann@570
|
16 |
gdbinit files.
|
|
yann@570
|
17 |
* cli/cli-cmds.c: Include "gdb_stat.h" and <fcntl.h>.
|
|
yann@570
|
18 |
(source_command): Update documentation. Check permissions if
|
|
yann@570
|
19 |
FROM_TTY is -1.
|
|
yann@570
|
20 |
|
|
yann@570
|
21 |
-= END original header =-
|
|
yann@570
|
22 |
diff -durN gdb-6.8.orig/gdb/Makefile.in gdb-6.8/gdb/Makefile.in
|
|
yann@570
|
23 |
--- gdb-6.8.orig/gdb/Makefile.in 2008-03-17 13:15:08.000000000 +0100
|
|
yann@570
|
24 |
+++ gdb-6.8/gdb/Makefile.in 2008-06-17 16:07:33.000000000 +0200
|
|
yann@570
|
25 |
@@ -3004,7 +3004,7 @@
|
|
yann@570
|
26 |
$(expression_h) $(frame_h) $(value_h) $(language_h) $(filenames_h) \
|
|
yann@570
|
27 |
$(objfiles_h) $(source_h) $(disasm_h) $(ui_out_h) $(top_h) \
|
|
yann@570
|
28 |
$(cli_decode_h) $(cli_script_h) $(cli_setshow_h) $(cli_cmds_h) \
|
|
yann@570
|
29 |
- $(tui_h)
|
|
yann@570
|
30 |
+ $(tui_h) $(gdb_stat_h)
|
|
yann@570
|
31 |
$(CC) -c $(INTERNAL_CFLAGS) $(srcdir)/cli/cli-cmds.c
|
|
yann@570
|
32 |
cli-decode.o: $(srcdir)/cli/cli-decode.c $(defs_h) $(symtab_h) \
|
|
yann@570
|
33 |
$(gdb_regex_h) $(gdb_string_h) $(completer_h) $(ui_out_h) \
|
|
yann@570
|
34 |
diff -durN gdb-6.8.orig/gdb/cli/cli-cmds.c gdb-6.8/gdb/cli/cli-cmds.c
|
|
yann@570
|
35 |
--- gdb-6.8.orig/gdb/cli/cli-cmds.c 2008-01-01 23:53:14.000000000 +0100
|
|
yann@570
|
36 |
+++ gdb-6.8/gdb/cli/cli-cmds.c 2008-06-17 16:07:33.000000000 +0200
|
|
yann@570
|
37 |
@@ -36,6 +36,7 @@
|
|
yann@570
|
38 |
#include "objfiles.h"
|
|
yann@570
|
39 |
#include "source.h"
|
|
yann@570
|
40 |
#include "disasm.h"
|
|
yann@570
|
41 |
+#include "gdb_stat.h"
|
|
yann@570
|
42 |
|
|
yann@570
|
43 |
#include "ui-out.h"
|
|
yann@570
|
44 |
|
|
yann@570
|
45 |
@@ -459,12 +460,31 @@
|
|
yann@570
|
46 |
|
|
yann@570
|
47 |
if (fd == -1)
|
|
yann@570
|
48 |
{
|
|
yann@570
|
49 |
- if (from_tty)
|
|
yann@570
|
50 |
+ if (from_tty > 0)
|
|
yann@570
|
51 |
perror_with_name (file);
|
|
yann@570
|
52 |
else
|
|
yann@570
|
53 |
return;
|
|
yann@570
|
54 |
}
|
|
yann@570
|
55 |
|
|
yann@570
|
56 |
+#ifdef HAVE_GETUID
|
|
yann@570
|
57 |
+ if (from_tty == -1)
|
|
yann@570
|
58 |
+ {
|
|
yann@570
|
59 |
+ struct stat statbuf;
|
|
yann@570
|
60 |
+ if (fstat (fd, &statbuf) < 0)
|
|
yann@570
|
61 |
+ {
|
|
yann@570
|
62 |
+ perror_with_name (file);
|
|
yann@570
|
63 |
+ close (fd);
|
|
yann@570
|
64 |
+ return;
|
|
yann@570
|
65 |
+ }
|
|
yann@570
|
66 |
+ if (statbuf.st_uid != getuid () || (statbuf.st_mode & S_IWOTH))
|
|
yann@570
|
67 |
+ {
|
|
yann@570
|
68 |
+ warning (_("not using untrusted file \"%s\""), file);
|
|
yann@570
|
69 |
+ close (fd);
|
|
yann@570
|
70 |
+ return;
|
|
yann@570
|
71 |
+ }
|
|
yann@570
|
72 |
+ }
|
|
yann@570
|
73 |
+#endif
|
|
yann@570
|
74 |
+
|
|
yann@570
|
75 |
stream = fdopen (fd, FOPEN_RT);
|
|
yann@570
|
76 |
script_from_file (stream, file);
|
|
yann@570
|
77 |
|
|
yann@570
|
78 |
diff -durN gdb-6.8.orig/gdb/main.c gdb-6.8/gdb/main.c
|
|
yann@570
|
79 |
--- gdb-6.8.orig/gdb/main.c 2008-01-05 17:49:53.000000000 +0100
|
|
yann@570
|
80 |
+++ gdb-6.8/gdb/main.c 2008-06-17 16:07:33.000000000 +0200
|
|
yann@570
|
81 |
@@ -690,7 +690,7 @@
|
|
yann@570
|
82 |
|
|
yann@570
|
83 |
if (!inhibit_gdbinit)
|
|
yann@570
|
84 |
{
|
|
yann@570
|
85 |
- catch_command_errors (source_script, homeinit, 0, RETURN_MASK_ALL);
|
|
yann@570
|
86 |
+ catch_command_errors (source_script, homeinit, -1, RETURN_MASK_ALL);
|
|
yann@570
|
87 |
}
|
|
yann@570
|
88 |
|
|
yann@570
|
89 |
/* Do stats; no need to do them elsewhere since we'll only
|
|
yann@570
|
90 |
@@ -778,7 +778,7 @@
|
|
yann@570
|
91 |
|| memcmp ((char *) &homebuf, (char *) &cwdbuf, sizeof (struct stat)))
|
|
yann@570
|
92 |
if (!inhibit_gdbinit)
|
|
yann@570
|
93 |
{
|
|
yann@570
|
94 |
- catch_command_errors (source_script, gdbinit, 0, RETURN_MASK_ALL);
|
|
yann@570
|
95 |
+ catch_command_errors (source_script, gdbinit, -1, RETURN_MASK_ALL);
|
|
yann@570
|
96 |
}
|
|
yann@570
|
97 |
|
|
yann@570
|
98 |
for (i = 0; i < ncmd; i++)
|
|
yann@570
|
99 |
diff -durN gdb-6.8.orig/gdb/testsuite/gdb.base/gdbinit.exp gdb-6.8/gdb/testsuite/gdb.base/gdbinit.exp
|
|
yann@570
|
100 |
--- gdb-6.8.orig/gdb/testsuite/gdb.base/gdbinit.exp 1970-01-01 01:00:00.000000000 +0100
|
|
yann@570
|
101 |
+++ gdb-6.8/gdb/testsuite/gdb.base/gdbinit.exp 2008-06-17 16:07:33.000000000 +0200
|
|
yann@570
|
102 |
@@ -0,0 +1,98 @@
|
|
yann@570
|
103 |
+# Copyright 2005
|
|
yann@570
|
104 |
+# Free Software Foundation, Inc.
|
|
yann@570
|
105 |
+
|
|
yann@570
|
106 |
+# This program is free software; you can redistribute it and/or modify
|
|
yann@570
|
107 |
+# it under the terms of the GNU General Public License as published by
|
|
yann@570
|
108 |
+# the Free Software Foundation; either version 2 of the License, or
|
|
yann@570
|
109 |
+# (at your option) any later version.
|
|
yann@570
|
110 |
+#
|
|
yann@570
|
111 |
+# This program is distributed in the hope that it will be useful,
|
|
yann@570
|
112 |
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
yann@570
|
113 |
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
yann@570
|
114 |
+# GNU General Public License for more details.
|
|
yann@570
|
115 |
+#
|
|
yann@570
|
116 |
+# You should have received a copy of the GNU General Public License
|
|
yann@570
|
117 |
+# along with this program; if not, write to the Free Software
|
|
yann@570
|
118 |
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
yann@570
|
119 |
+
|
|
yann@570
|
120 |
+# Please email any bugs, comments, and/or additions to this file to:
|
|
yann@570
|
121 |
+# bug-gdb@prep.ai.mit.edu
|
|
yann@570
|
122 |
+
|
|
yann@570
|
123 |
+# This file was written by Jeff Johnston <jjohnstn@redhat.com>.
|
|
yann@570
|
124 |
+
|
|
yann@570
|
125 |
+if $tracelevel then {
|
|
yann@570
|
126 |
+ strace $tracelevel
|
|
yann@570
|
127 |
+}
|
|
yann@570
|
128 |
+
|
|
yann@570
|
129 |
+set prms_id 0
|
|
yann@570
|
130 |
+set bug_id 0
|
|
yann@570
|
131 |
+
|
|
yann@570
|
132 |
+# are we on a target board
|
|
yann@570
|
133 |
+if [is_remote target] {
|
|
yann@570
|
134 |
+ return
|
|
yann@570
|
135 |
+}
|
|
yann@570
|
136 |
+
|
|
yann@570
|
137 |
+
|
|
yann@570
|
138 |
+global verbose
|
|
yann@570
|
139 |
+global GDB
|
|
yann@570
|
140 |
+global GDBFLAGS
|
|
yann@570
|
141 |
+global gdb_prompt
|
|
yann@570
|
142 |
+global timeout
|
|
yann@570
|
143 |
+global gdb_spawn_id;
|
|
yann@570
|
144 |
+
|
|
yann@570
|
145 |
+gdb_stop_suppressing_tests;
|
|
yann@570
|
146 |
+
|
|
yann@570
|
147 |
+verbose "Spawning $GDB -nw"
|
|
yann@570
|
148 |
+
|
|
yann@570
|
149 |
+if [info exists gdb_spawn_id] {
|
|
yann@570
|
150 |
+ return 0;
|
|
yann@570
|
151 |
+}
|
|
yann@570
|
152 |
+
|
|
yann@570
|
153 |
+if ![is_remote host] {
|
|
yann@570
|
154 |
+ if { [which $GDB] == 0 } then {
|
|
yann@570
|
155 |
+ perror "$GDB does not exist."
|
|
yann@570
|
156 |
+ exit 1
|
|
yann@570
|
157 |
+ }
|
|
yann@570
|
158 |
+}
|
|
yann@570
|
159 |
+
|
|
yann@570
|
160 |
+set env(HOME) [pwd]
|
|
yann@570
|
161 |
+remote_exec build "rm .gdbinit"
|
|
yann@570
|
162 |
+remote_exec build "cp ${srcdir}/${subdir}/gdbinit.sample .gdbinit"
|
|
yann@570
|
163 |
+remote_exec build "chmod 646 .gdbinit"
|
|
yann@570
|
164 |
+
|
|
yann@570
|
165 |
+set res [remote_spawn host "$GDB -nw [host_info gdb_opts]"];
|
|
yann@570
|
166 |
+if { $res < 0 || $res == "" } {
|
|
yann@570
|
167 |
+ perror "Spawning $GDB failed."
|
|
yann@570
|
168 |
+ return 1;
|
|
yann@570
|
169 |
+}
|
|
yann@570
|
170 |
+gdb_expect 360 {
|
|
yann@570
|
171 |
+ -re "warning: not using untrusted file.*\.gdbinit.*\[\r\n\]$gdb_prompt $" {
|
|
yann@570
|
172 |
+ pass "untrusted .gdbinit caught."
|
|
yann@570
|
173 |
+ }
|
|
yann@570
|
174 |
+ -re "$gdb_prompt $" {
|
|
yann@570
|
175 |
+ fail "untrusted .gdbinit caught."
|
|
yann@570
|
176 |
+ }
|
|
yann@570
|
177 |
+ timeout {
|
|
yann@570
|
178 |
+ fail "(timeout) untrusted .gdbinit caught."
|
|
yann@570
|
179 |
+ }
|
|
yann@570
|
180 |
+}
|
|
yann@570
|
181 |
+
|
|
yann@570
|
182 |
+remote_exec build "chmod 644 .gdbinit"
|
|
yann@570
|
183 |
+set res [remote_spawn host "$GDB -nw [host_info gdb_opts]"];
|
|
yann@570
|
184 |
+if { $res < 0 || $res == "" } {
|
|
yann@570
|
185 |
+ perror "Spawning $GDB failed."
|
|
yann@570
|
186 |
+ return 1;
|
|
yann@570
|
187 |
+}
|
|
yann@570
|
188 |
+gdb_expect 360 {
|
|
yann@570
|
189 |
+ -re "warning: not using untrusted file.*\.gdbinit.*\[\r\n\]$gdb_prompt $" {
|
|
yann@570
|
190 |
+ fail "trusted .gdbinit allowed."
|
|
yann@570
|
191 |
+ }
|
|
yann@570
|
192 |
+ -re "in gdbinit.*$gdb_prompt $" {
|
|
yann@570
|
193 |
+ pass "trusted .gdbinit allowed."
|
|
yann@570
|
194 |
+ }
|
|
yann@570
|
195 |
+ timeout {
|
|
yann@570
|
196 |
+ fail "(timeout) trusted .gdbinit allowed."
|
|
yann@570
|
197 |
+ }
|
|
yann@570
|
198 |
+}
|
|
yann@570
|
199 |
+
|
|
yann@570
|
200 |
+remote_exec build "rm .gdbinit"
|
|
yann@570
|
201 |
diff -durN gdb-6.8.orig/gdb/testsuite/gdb.base/gdbinit.sample gdb-6.8/gdb/testsuite/gdb.base/gdbinit.sample
|
|
yann@570
|
202 |
--- gdb-6.8.orig/gdb/testsuite/gdb.base/gdbinit.sample 1970-01-01 01:00:00.000000000 +0100
|
|
yann@570
|
203 |
+++ gdb-6.8/gdb/testsuite/gdb.base/gdbinit.sample 2008-06-17 16:07:33.000000000 +0200
|
|
yann@570
|
204 |
@@ -0,0 +1 @@
|
|
yann@570
|
205 |
+echo "\nin gdbinit"
|