http://sourceware.org/ml/gdb-patches/2012-05/msg00477.html Subject: [patch+doc 2/2] auto-load: Fix default /usr/lib/debug/ loading Hi, with recent security fix to use only $datadir/auto-load/ directory instead of anything under $prefix/ (which contains insecure $prefix/tmp/ etc.) it introduced a regression that GDB's default --with-separate-debug-dir would no longer be secure; which IMO can be assumed as secure. This is because I forgot to move into 'set auto-load scripts-directory' (and 'safe-path') also debug-file-diretory; besides $datadir/auto-load which I have moved there. To also solve the problem with relocatability and make it configurable I just introduce besides $datadir now also $debugdir and add it into default 'set auto-load scripts-directory'. It also IMO makes it more clear what everything is being auto-loaded in: (gdb) show auto-load gdb-scripts: Auto-loading of canned sequences of commands scripts is on. libthread-db: Auto-loading of inferior specific libthread_db is on. local-gdbinit: Auto-loading of .gdbinit script from current directory is on. python-scripts: Auto-loading of Python scripts is on. safe-path: List of directories from which it is safe to auto-load files is $debugdir:$datadir/auto-load. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ scripts-directory: List of directories from which to load auto-loaded scripts is $debugdir:$datadir/auto-load. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ No regressions on {x86_64,x86_64-m32,i686}-fedora17-linux-gnu. I find it more just a bugfix of a regression by myself. Thanks, Jan gdb/ 2012-05-12 Jan Kratochvil * NEWS (--with-auto-load-dir): Prepend $debugdir to the default path. Describe it. * auto-load.c (auto_load_expand_dir_vars): New function. (auto_load_safe_path_vec_update): Use it, remove the substitute_path_component call thanks to it. (auto_load_objfile_script): Remove the debug_file_directory processing. Use auto_load_expand_dir_vars, remove the substitute_path_component call thanks to it. * configure: Regenerate. * configure.ac (--with-auto-load-dir): Prepend $debugdir to the default path. Escape $ also for $debugdir. (--with_auto_load_safe_path): Escape $ also for $debugdir. * utils.c (substitute_path_component): Accept also DIRNAME_SEPARATOR. gdb/doc/ 2012-05-12 Jan Kratochvil * gdb.texinfo (Separate Debug Files): New anchor debug-file-directory. Mention also --with-separate-debug-dir. (Auto-loading): Prepend $debugdir in the sample output. (Auto-loading safe path): Likewise. Mention also $debugdir for the auto-load safe-path variable. (objfile-gdb.py file): Remove the extra debug-file-directory paragraph. Mention also $debugdir for 'set auto-load scripts-directory'. Index: gdb-7.4.50.20120120/gdb/NEWS =================================================================== --- gdb-7.4.50.20120120.orig/gdb/NEWS 2012-05-14 14:24:20.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/NEWS 2012-05-14 14:24:49.510422485 +0200 @@ -317,8 +317,10 @@ show trace-stop-notes --with-auto-load-dir Configure default value for the 'set auto-load scripts-directory' - setting above. It defaults to '$datadir/auto-load', $datadir - representing GDB's data directory (available via show data-directory). + setting above. It defaults to '$debugdir:$datadir/auto-load', + $debugdir representing global debugging info directories (available + via 'show debug-file-directory') and $datadir representing GDB's data + directory (available via 'show data-directory'). --with-auto-load-safe-path Configure default value for the 'set auto-load safe-path' setting Index: gdb-7.4.50.20120120/gdb/auto-load.c =================================================================== --- gdb-7.4.50.20120120.orig/gdb/auto-load.c 2012-05-14 14:24:20.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/auto-load.c 2012-05-14 14:24:49.511422483 +0200 @@ -147,6 +147,30 @@ static char *auto_load_safe_path; counterpart. */ static VEC (char_ptr) *auto_load_safe_path_vec; +/* Expand $datadir and $debugdir in STRING according to the rules of + substitute_path_component. Return vector from dirnames_to_char_ptr_vec, + this vector must be freed by free_char_ptr_vec by the caller. */ + +static VEC (char_ptr) * +auto_load_expand_dir_vars (const char *string) +{ + VEC (char_ptr) *dir_vec; + char *s; + + s = xstrdup (string); + substitute_path_component (&s, "$datadir", gdb_datadir); + substitute_path_component (&s, "$debugdir", debug_file_directory); + + if (debug_auto_load && strcmp (s, string) != 0) + fprintf_unfiltered (gdb_stdlog, + _("auto-load: Expanded $-variables to \"%s\".\n"), s); + + dir_vec = dirnames_to_char_ptr_vec (s); + xfree(s); + + return dir_vec; +} + /* Update auto_load_safe_path_vec from current AUTO_LOAD_SAFE_PATH. */ static void @@ -163,7 +187,7 @@ auto_load_safe_path_vec_update (void) free_char_ptr_vec (auto_load_safe_path_vec); - auto_load_safe_path_vec = dirnames_to_char_ptr_vec (auto_load_safe_path); + auto_load_safe_path_vec = auto_load_expand_dir_vars (auto_load_safe_path); len = VEC_length (char_ptr, auto_load_safe_path_vec); /* Apply tilde_expand and gdb_realpath to each AUTO_LOAD_SAFE_PATH_VEC @@ -171,16 +195,10 @@ auto_load_safe_path_vec_update (void) for (ix = 0; ix < len; ix++) { char *dir = VEC_index (char_ptr, auto_load_safe_path_vec, ix); - char *ddir_subst, *expanded, *real_path; - - ddir_subst = xstrdup (dir); - substitute_path_component (&ddir_subst, "$datadir", gdb_datadir); - expanded = tilde_expand (ddir_subst); - xfree (ddir_subst); - real_path = gdb_realpath (expanded); + char *expanded = tilde_expand (dir); + char *real_path = gdb_realpath (expanded); - /* Ensure the current entry is at least a valid path (therefore - $datadir-expanded and tilde-expanded). */ + /* Ensure the current entry is at least tilde_expand-ed. */ VEC_replace (char_ptr, auto_load_safe_path_vec, ix, expanded); if (debug_auto_load) @@ -645,42 +663,6 @@ auto_load_objfile_script (struct objfile if (!input) { - char *debugdir; - VEC (char_ptr) *debugdir_vec; - int ix; - - debugdir_vec = dirnames_to_char_ptr_vec (debug_file_directory); - make_cleanup_free_char_ptr_vec (debugdir_vec); - - if (debug_auto_load) - fprintf_unfiltered (gdb_stdlog, - _("auto-load: Searching 'set debug-file-directory' " - "path \"%s\".\n"), - debug_file_directory); - - for (ix = 0; VEC_iterate (char_ptr, debugdir_vec, ix, debugdir); ++ix) - { - /* Also try the same file in the separate debug info directory. */ - debugfile = xmalloc (strlen (debugdir) + strlen (filename) + 1); - strcpy (debugfile, debugdir); - - /* FILENAME is absolute, so we don't need a "/" here. */ - strcat (debugfile, filename); - - make_cleanup (xfree, debugfile); - input = fopen (debugfile, "r"); - if (debug_auto_load) - fprintf_unfiltered (gdb_stdlog, _("auto-load: Attempted file " - "\"%s\" %s.\n"), - debugfile, - input ? _("exists") : _("does not exist")); - if (input != NULL) - break; - } - } - - if (!input) - { VEC (char_ptr) *vec; int ix; char *dir; @@ -688,7 +670,7 @@ auto_load_objfile_script (struct objfile /* Also try the same file in a subdirectory of gdb's data directory. */ - vec = dirnames_to_char_ptr_vec (auto_load_dir); + vec = auto_load_expand_dir_vars (auto_load_dir); make_cleanup_free_char_ptr_vec (vec); if (debug_auto_load) @@ -698,10 +680,8 @@ auto_load_objfile_script (struct objfile for (ix = 0; VEC_iterate (char_ptr, vec, ix, dir); ++ix) { - debugfile = xstrdup (dir); - substitute_path_component (&debugfile, "$datadir", gdb_datadir); - debugfile = xrealloc (debugfile, (strlen (debugfile) - + strlen (filename) + 1)); + debugfile = xmalloc (strlen (dir) + strlen (filename) + 1); + strcpy (debugfile, dir); /* FILENAME is absolute, so we don't need a "/" here. */ strcat (debugfile, filename); Index: gdb-7.4.50.20120120/gdb/configure =================================================================== --- gdb-7.4.50.20120120.orig/gdb/configure 2012-05-14 14:24:38.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/configure 2012-05-14 14:24:55.856409977 +0200 @@ -1670,7 +1670,7 @@ Optional Packages: def. auto=librpm.so) --with-auto-load-dir=PATH directories from which to load auto-loaded scripts - [$datadir/auto-load] + [$debugdir:$datadir/auto-load] --with-auto-load-safe-path=PATH directories safe to hold auto-loaded files [--with-auto-load-dir] @@ -8494,10 +8494,10 @@ $as_echo_n "checking for default auto-lo if test "${with_auto_load_dir+set}" = set; then : withval=$with_auto_load_dir; else - with_auto_load_dir='$datadir/auto-load' + with_auto_load_dir='$debugdir:$datadir/auto-load' fi -escape_dir=`echo $with_auto_load_dir | sed 's/[$]datadir\>/\\\\\\\\\\\\&/g'` +escape_dir=`echo $with_auto_load_dir | sed 's/[$]\(datadir\|debugdir\)\>/\\\\\\\\\\\\&/g'` test "x$prefix" = xNONE && prefix="$ac_default_prefix" test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' @@ -8524,7 +8524,7 @@ else with_auto_load_safe_path="$with_auto_load_dir" fi -escape_dir=`echo $with_auto_load_safe_path | sed 's/[$]datadir\>/\\\\\\\\\\\\&/g'` +escape_dir=`echo $with_auto_load_safe_path | sed 's/[$]\(datadir\|debugdir\)\>/\\\\\\\\\\\\&/g'` test "x$prefix" = xNONE && prefix="$ac_default_prefix" test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' Index: gdb-7.4.50.20120120/gdb/configure.ac =================================================================== --- gdb-7.4.50.20120120.orig/gdb/configure.ac 2012-05-14 14:24:20.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/configure.ac 2012-05-14 14:24:49.515422477 +0200 @@ -342,9 +342,9 @@ fi AC_MSG_CHECKING([for default auto-load directory]) AC_ARG_WITH(auto-load-dir, AS_HELP_STRING([--with-auto-load-dir=PATH], - [directories from which to load auto-loaded scripts @<:@$datadir/auto-load@:>@]),, - [with_auto_load_dir='$datadir/auto-load']) -escape_dir=`echo $with_auto_load_dir | sed 's/[[$]]datadir\>/\\\\\\\\\\\\&/g'` + [directories from which to load auto-loaded scripts @<:@$debugdir:$datadir/auto-load@:>@]),, + [with_auto_load_dir='$debugdir:$datadir/auto-load']) +escape_dir=`echo $with_auto_load_dir | sed 's/[[$]]\(datadir\|debugdir\)\>/\\\\\\\\\\\\&/g'` AC_DEFINE_DIR(AUTO_LOAD_DIR, escape_dir, [Directories from which to load auto-loaded scripts.]) AC_MSG_RESULT([$with_auto_load_dir]) @@ -359,7 +359,7 @@ AS_HELP_STRING([--without-auto-load-safe with_auto_load_safe_path="/" fi], [with_auto_load_safe_path="$with_auto_load_dir"]) -escape_dir=`echo $with_auto_load_safe_path | sed 's/[[$]]datadir\>/\\\\\\\\\\\\&/g'` +escape_dir=`echo $with_auto_load_safe_path | sed 's/[[$]]\(datadir\|debugdir\)\>/\\\\\\\\\\\\&/g'` AC_DEFINE_DIR(AUTO_LOAD_SAFE_PATH, escape_dir, [Directories safe to hold auto-loaded files.]) AC_MSG_RESULT([$with_auto_load_safe_path]) Index: gdb-7.4.50.20120120/gdb/doc/gdb.texinfo =================================================================== --- gdb-7.4.50.20120120.orig/gdb/doc/gdb.texinfo 2012-05-14 14:24:20.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/doc/gdb.texinfo 2012-05-14 14:24:49.520422467 +0200 @@ -16028,8 +16028,11 @@ debug information files, in the indicate @file{/usr/lib/debug/usr/bin/ls.debug}. @end itemize -You can set the global debugging info directories, and view the -list @value{GDBN} is currently using. +@anchor{debug-file-directory} +Global debugging info directories default to what is set by @value{GDBN} +configure option @option{--with-separate-debug-dir}. During @value{GDBN} run +you can also set the global debugging info directories, and view the list +@value{GDBN} is currently using. @table @code @@ -20807,9 +20810,9 @@ local-gdbinit: Auto-loading of .gdbinit is on. python-scripts: Auto-loading of Python scripts is on. safe-path: List of directories from which it is safe to auto-load files - is $datadir/auto-load. + is $debugdir:$datadir/auto-load. scripts-directory: List of directories from which to load auto-loaded scripts - is $datadir/auto-load. + is $debugdir:$datadir/auto-load. @end smallexample @anchor{info auto-load} @@ -21025,9 +21028,11 @@ get loaded: $ ./gdb -q ./gdb Reading symbols from /home/user/gdb/gdb...done. warning: File "/home/user/gdb/gdb-gdb.gdb" auto-loading has been - declined by your `auto-load safe-path' set to "$datadir/auto-load". + declined by your `auto-load safe-path' set + to "$debugdir:$datadir/auto-load". warning: File "/home/user/gdb/gdb-gdb.py" auto-loading has been - declined by your `auto-load safe-path' set to "$datadir/auto-load". + declined by your `auto-load safe-path' set + to "$debugdir:$datadir/auto-load". @end smallexample The list of trusted directories is controlled by the following commands: @@ -21060,11 +21065,10 @@ host platform path separator in use. @end table This variable defaults to what @code{--with-auto-load-dir} has been configured -to (@pxref{with-auto-load-dir}). @file{$datadir} substituation applies the same -as for @xref{set auto-load scripts-directory}. -The default @code{set -auto-load safe-path} value can be also overriden by @value{GDBN} configuration -option @option{--with-auto-load-safe-path}. +to (@pxref{with-auto-load-dir}). @file{$debugdir} and @file{$datadir} +substituation applies the same as for @xref{set auto-load scripts-directory}. +The default @code{set auto-load safe-path} value can be also overriden by +@value{GDBN} configuration option @option{--with-auto-load-safe-path}. Setting this variable to @file{/} disables this security protection, corresponding @value{GDBN} configuration option is @@ -25158,12 +25162,7 @@ that the file name is absolute, followin @code{.} and @code{..} components. If this file exists and is readable, @value{GDBN} will evaluate it as a Python script. -If this file does not exist, and if the parameter -@code{debug-file-directory} is set (@pxref{Separate Debug Files}), -then @value{GDBN} will look for @var{script-name} in all of the -directories mentioned in the value of @code{debug-file-directory}. - -Finally, if this file does not exist, then @value{GDBN} will look for +If this file does not exist, then @value{GDBN} will look for @var{script-name} file in all of the directories as specified below. Note that loading of this script file also requires accordingly configured @@ -25181,12 +25180,14 @@ Each entry here needs to be covered also @code{set auto-load safe-path} (@pxref{set auto-load safe-path}). @anchor{with-auto-load-dir} -This variable defaults to @file{$datadir/auto-load}. The default @code{set -auto-load safe-path} value can be also overriden by @value{GDBN} configuration -option @option{--with-auto-load-dir}. - -Any used string @file{$datadir} will get replaced by @var{data-directory} which -is determined at @value{GDBN} startup (@pxref{Data Files}). @file{$datadir} +This variable defaults to @file{$debugdir:$datadir/auto-load}. The default +@code{set auto-load safe-path} value can be also overriden by @value{GDBN} +configuration option @option{--with-auto-load-dir}. + +Any used string @file{$debugdir} will get replaced by @var{debug-file-directory} +value (@pxref{Separate Debug Files}) and any used string @file{$datadir} will +get replaced by @var{data-directory} which is determined at @value{GDBN} startup +(@pxref{Data Files}). @file{$debugdir} and @file{$datadir} must be placed as a directory component --- either alone or delimited by @file{/} or @file{\} directory separators, depending on the host platform. Index: gdb-7.4.50.20120120/gdb/utils.c =================================================================== --- gdb-7.4.50.20120120.orig/gdb/utils.c 2012-05-14 14:24:11.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/utils.c 2012-05-14 14:24:49.521422465 +0200 @@ -3927,8 +3927,8 @@ dirnames_to_char_ptr_vec (const char *di /* Substitute all occurences of string FROM by string TO in *STRINGP. *STRINGP must come from xrealloc-compatible allocator and it may be updated. FROM - needs to be delimited by IS_DIR_SEPARATOR (or be located at the start or - end of *STRINGP. */ + needs to be delimited by IS_DIR_SEPARATOR or DIRNAME_SEPARATOR (or be + located at the start or end of *STRINGP. */ void substitute_path_component (char **stringp, const char *from, const char *to) @@ -3943,8 +3943,10 @@ substitute_path_component (char **string if (s == NULL) break; - if ((s == string || IS_DIR_SEPARATOR (s[-1])) - && (s[from_len] == '\0' || IS_DIR_SEPARATOR (s[from_len]))) + if ((s == string || IS_DIR_SEPARATOR (s[-1]) + || s[-1] == DIRNAME_SEPARATOR) + && (s[from_len] == '\0' || IS_DIR_SEPARATOR (s[from_len]) + || s[from_len] == DIRNAME_SEPARATOR)) { char *string_new;