http://sourceware.org/ml/gdb-patches/2012-05/msg00303.html Subject: Re: [patch 1/2] Provide $ddir substitution for --with-auto-load-safe-path On Wed, 09 May 2012 19:41:08 +0200, Eli Zaretskii wrote: > Okay with that. Thanks. Updated just the doc. Thanks, Jan gdb/ 2012-05-09 Jan Kratochvil Provide $ddir substitution for --with-auto-load-safe-path. * NEWS (--with-auto-load-safe-path, --without-auto-load-safe-path): New entries. * auto-load.c: Include observer.h. (auto_load_safe_path_vec_update): Call substitute_path_component for each component. New variable ddir_subst. (auto_load_gdb_datadir_changed): New function. (set_auto_load_safe_path): Rename DEFAULT_AUTO_LOAD_SAFE_PATH to AUTO_LOAD_SAFE_PATH. New comment. (_initialize_auto_load): Rename DEFAULT_AUTO_LOAD_SAFE_PATH to AUTO_LOAD_SAFE_PATH. Install auto_load_gdb_datadir_changed. * config.in: Regenerate. * configure: Regenerate. * configure.ac (--auto-load-safe-path): Rename DEFAULT_AUTO_LOAD_SAFE_PATH to AUTO_LOAD_SAFE_PATH. Default to GDB_DATADIR/auto-load. * defs.h (substitute_path_component): New declaration. * top.c: Include observer.h. (set_gdb_datadir): New function. (init_main): Install it for "set data-directory". * utils.c (substitute_path_component): New function. gdb/doc/ 2012-05-09 Jan Kratochvil Provide $ddir substitution for --with-auto-load-safe-path. * gdb.texinfo (Auto-loading): Replace /usr/local by $ddir/auto-load. (Auto-loading safe path): Likewise. Mention the default value, $ddir substitution, --with-auto-load-safe-path and --without-auto-load-safe-path. * observer.texi (gdb_datadir_changed): New. Index: gdb-7.4.50.20120120/gdb/NEWS =================================================================== --- gdb-7.4.50.20120120.orig/gdb/NEWS 2012-05-09 22:13:58.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/NEWS 2012-05-09 22:14:29.091183190 +0200 @@ -76,6 +76,17 @@ set debug auto-load on|off show debug auto-load Control display of debugging info for auto-loading the files above. +* New configure options + +--with-auto-load-safe-path + Configure default value for the 'set auto-load safe-path' setting + above. It defaults to '$ddir/auto-load', $ddir representing the value + of configure option --with-gdb-datadir. + +--without-auto-load-safe-path + Set 'set auto-load safe-path' to '/', effectively disabling this + security feature. + * New command line options --init-command=FILE, -ix Like --command, -x but execute it Index: gdb-7.4.50.20120120/gdb/auto-load.c =================================================================== --- gdb-7.4.50.20120120.orig/gdb/auto-load.c 2012-05-09 22:13:58.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/auto-load.c 2012-05-09 22:14:04.812222226 +0200 @@ -35,6 +35,7 @@ #include "gdb_vecs.h" #include "readline/tilde.h" #include "completer.h" +#include "observer.h" /* The suffix of per-objfile scripts to auto-load as non-Python command files. E.g. When the program loads libfoo.so, look for libfoo-gdb.gdb. */ @@ -141,10 +142,16 @@ auto_load_safe_path_vec_update (void) for (ix = 0; ix < len; ix++) { char *dir = VEC_index (char_ptr, auto_load_safe_path_vec, ix); - char *expanded = tilde_expand (dir); - char *real_path = gdb_realpath (expanded); + char *ddir_subst, *expanded, *real_path; - /* Ensure the current entry is at least tilde_expand-ed. */ + ddir_subst = xstrdup (dir); + substitute_path_component (&ddir_subst, "$ddir", gdb_datadir); + expanded = tilde_expand (ddir_subst); + xfree (ddir_subst); + real_path = gdb_realpath (expanded); + + /* Ensure the current entry is at least a valid path (therefore + $ddir-expanded and tilde-expanded). */ VEC_replace (char_ptr, auto_load_safe_path_vec, ix, expanded); if (debug_auto_load) @@ -176,15 +183,24 @@ auto_load_safe_path_vec_update (void) } } +/* Variable gdb_datadir has been set. Update content depending on $ddir. */ + +static void +auto_load_gdb_datadir_changed (void) +{ + auto_load_safe_path_vec_update (); +} + /* "set" command for the auto_load_safe_path configuration variable. */ static void set_auto_load_safe_path (char *args, int from_tty, struct cmd_list_element *c) { + /* Setting the variable to "" resets it to the compile time defaults. */ if (auto_load_safe_path[0] == '\0') { xfree (auto_load_safe_path); - auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH); + auto_load_safe_path = xstrdup (AUTO_LOAD_SAFE_PATH); } auto_load_safe_path_vec_update (); @@ -1040,7 +1056,7 @@ This options has security implications f Usage: info auto-load local-gdbinit"), auto_load_info_cmdlist_get ()); - auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH); + auto_load_safe_path = xstrdup (AUTO_LOAD_SAFE_PATH); auto_load_safe_path_vec_update (); add_setshow_optional_filename_cmd ("safe-path", class_support, &auto_load_safe_path, _("\ @@ -1058,6 +1074,7 @@ This options has security implications f show_auto_load_safe_path, auto_load_set_cmdlist_get (), auto_load_show_cmdlist_get ()); + observer_attach_gdb_datadir_changed (auto_load_gdb_datadir_changed); cmd = add_cmd ("add-auto-load-safe-path", class_support, add_auto_load_safe_path, Index: gdb-7.4.50.20120120/gdb/config.in =================================================================== --- gdb-7.4.50.20120120.orig/gdb/config.in 2012-05-09 22:13:58.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/config.in 2012-05-09 22:14:04.812222226 +0200 @@ -7,6 +7,9 @@ /* Define if building universal (internal helper macro) */ #undef AC_APPLE_UNIVERSAL_BUILD +/* Directories safe to hold auto-loaded files. */ +#undef AUTO_LOAD_SAFE_PATH + /* Directory of programs. */ #undef BINDIR @@ -43,9 +46,6 @@ moved. */ #undef DEBUGDIR_RELOCATABLE -/* Directories safe to hold auto-loaded files. */ -#undef DEFAULT_AUTO_LOAD_SAFE_PATH - /* Define to BFD's default architecture. */ #undef DEFAULT_BFD_ARCH Index: gdb-7.4.50.20120120/gdb/configure =================================================================== --- gdb-7.4.50.20120120.orig/gdb/configure 2012-05-09 22:13:58.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/configure 2012-05-09 22:16:19.877005083 +0200 @@ -1668,7 +1668,8 @@ Optional Packages: --with-rpm query rpm database for missing debuginfos (yes/no, def. auto=librpm.so) --with-auto-load-safe-path=PATH - directories safe to hold auto-loaded files + directories safe to hold auto-loaded files, use + $ddir for --with-gdb-datadir path [$ddir/auto-load] --without-auto-load-safe-path do not restrict auto-loaded files locations --with-libunwind use libunwind frame unwinding support @@ -8488,20 +8489,21 @@ $as_echo_n "checking for default auto-lo # Check whether --with-auto-load-safe-path was given. if test "${with_auto_load_safe_path+set}" = set; then : withval=$with_auto_load_safe_path; if test "$with_auto_load_safe_path" = "no"; then - with_auto_load_safe_path="/" - fi + with_auto_load_safe_path="/" + fi else - with_auto_load_safe_path="$prefix" + with_auto_load_safe_path='$ddir/auto-load' fi +escape_dir=`echo $with_auto_load_safe_path | sed 's/[$]ddir\>/\\\\\\\\\\\\&/g'` test "x$prefix" = xNONE && prefix="$ac_default_prefix" test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' - ac_define_dir=`eval echo $with_auto_load_safe_path` + ac_define_dir=`eval echo $escape_dir` ac_define_dir=`eval echo $ac_define_dir` cat >>confdefs.h <<_ACEOF -#define DEFAULT_AUTO_LOAD_SAFE_PATH "$ac_define_dir" +#define AUTO_LOAD_SAFE_PATH "$ac_define_dir" _ACEOF Index: gdb-7.4.50.20120120/gdb/configure.ac =================================================================== --- gdb-7.4.50.20120120.orig/gdb/configure.ac 2012-05-09 22:13:58.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/configure.ac 2012-05-09 22:16:10.592020012 +0200 @@ -341,13 +341,16 @@ fi AC_MSG_CHECKING([for default auto-load safe-path]) AC_ARG_WITH(auto-load-safe-path, -AS_HELP_STRING([--with-auto-load-safe-path=PATH], [directories safe to hold auto-loaded files]) -AS_HELP_STRING([--without-auto-load-safe-path], [do not restrict auto-loaded files locations]), -[if test "$with_auto_load_safe_path" = "no"; then - with_auto_load_safe_path="/" - fi], -[with_auto_load_safe_path="$prefix"]) -AC_DEFINE_DIR(DEFAULT_AUTO_LOAD_SAFE_PATH, with_auto_load_safe_path, +AS_HELP_STRING([--with-auto-load-safe-path=PATH], + [directories safe to hold auto-loaded files, use $ddir for --with-gdb-datadir path @<:@$ddir/auto-load@:>@]) +AS_HELP_STRING([--without-auto-load-safe-path], + [do not restrict auto-loaded files locations]), + [if test "$with_auto_load_safe_path" = "no"; then + with_auto_load_safe_path="/" + fi], +[with_auto_load_safe_path='$ddir/auto-load']) +escape_dir=`echo $with_auto_load_safe_path | sed 's/[[$]]ddir\>/\\\\\\\\\\\\&/g'` +AC_DEFINE_DIR(AUTO_LOAD_SAFE_PATH, escape_dir, [Directories safe to hold auto-loaded files.]) AC_MSG_RESULT([$with_auto_load_safe_path]) Index: gdb-7.4.50.20120120/gdb/defs.h =================================================================== --- gdb-7.4.50.20120120.orig/gdb/defs.h 2012-05-09 22:13:57.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/defs.h 2012-05-09 22:14:04.816222220 +0200 @@ -442,6 +442,9 @@ extern struct cleanup *make_bpstat_clear extern int producer_is_gcc_ge_4 (const char *producer); +extern void substitute_path_component (char **stringp, const char *from, + const char *to); + #ifdef HAVE_WAITPID extern pid_t wait_to_die_with_timeout (pid_t pid, int *status, int timeout); #endif Index: gdb-7.4.50.20120120/gdb/doc/gdb.texinfo =================================================================== --- gdb-7.4.50.20120120.orig/gdb/doc/gdb.texinfo 2012-05-09 22:13:58.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/doc/gdb.texinfo 2012-05-09 22:16:43.759966688 +0200 @@ -20803,7 +20803,7 @@ local-gdbinit: Auto-loading of .gdbinit is on. python-scripts: Auto-loading of Python scripts is on. safe-path: List of directories from which it is safe to auto-load files - is /usr/local. + is $ddir/auto-load. @end smallexample @anchor{info auto-load} @@ -21006,9 +21006,9 @@ get loaded: $ ./gdb -q ./gdb Reading symbols from /home/user/gdb/gdb...done. warning: File "/home/user/gdb/gdb-gdb.gdb" auto-loading has been - declined by your `auto-load safe-path' set to "/usr/local". + declined by your `auto-load safe-path' set to "$ddir/auto-load". warning: File "/home/user/gdb/gdb-gdb.py" auto-loading has been - declined by your `auto-load safe-path' set to "/usr/local". + declined by your `auto-load safe-path' set to "$ddir/auto-load". @end smallexample The list of trusted directories is controlled by the following commands: @@ -21040,7 +21040,18 @@ loading and execution of scripts. Multi host platform directory separator in use. @end table -Setting this variable to @file{/} disables this security protection. +This variable defaults to @file{$ddir/auto-load}. The default @code{set +auto-load safe-path} value can be also overriden by @value{GDBN} configuration +option @option{--with-auto-load-safe-path}. + +Any used string @file{$ddir} will get replaced by @var{data-directory} which is +determined at @value{GDBN} startup (@pxref{Data Files}). @file{$ddir} must be +be placed as a directory component --- either alone or delimited by @file{/} or +@file{\} directory separators, depending on the host platform. + +Setting this variable to @file{/} disables this security protection, +corresponding @value{GDBN} configuration option is +@option{--without-auto-load-safe-path}. This variable is supposed to be set to the system directories writable by the system superuser only. Users can add their source directories in init files in their home directories (@pxref{Home Directory Init File}). See also deprecated Index: gdb-7.4.50.20120120/gdb/doc/observer.texi =================================================================== --- gdb-7.4.50.20120120.orig/gdb/doc/observer.texi 2012-05-09 22:13:56.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/doc/observer.texi 2012-05-09 22:17:04.118933948 +0200 @@ -231,6 +231,10 @@ the current top-level prompt. @c collector pass. Currently only @code{type_mark_used} marker is supported. @c @end deftypefun +@deftypefun void gdb_datadir_changed (void) +Variable gdb_datadir has been set. The value may not necessarily change. +@end deftypefun + @deftypefun void test_notification (int @var{somearg}) This observer is used for internal testing. Do not use. See testsuite/gdb.gdb/observer.exp. Index: gdb-7.4.50.20120120/gdb/top.c =================================================================== --- gdb-7.4.50.20120120.orig/gdb/top.c 2012-05-09 22:13:57.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/top.c 2012-05-09 22:14:04.823222208 +0200 @@ -47,6 +47,7 @@ #include "gdbthread.h" #include "python/python.h" #include "interps.h" +#include "observer.h" /* readline include files. */ #include "readline/readline.h" @@ -1561,6 +1562,15 @@ show_exec_done_display_p (struct ui_file "asynchronous execution commands is %s.\n"), value); } + +/* "set" command for the gdb_datadir configuration variable. */ + +static void +set_gdb_datadir (char *args, int from_tty, struct cmd_list_element *c) +{ + observer_notify_gdb_datadir_changed (); +} + static void init_main (void) { @@ -1668,7 +1678,7 @@ Use \"on\" to enable the notification, a _("Show GDB's data directory."), _("\ When set, GDB uses the specified path to search for data files."), - NULL, NULL, + set_gdb_datadir, NULL, &setlist, &showlist); } Index: gdb-7.4.50.20120120/gdb/utils.c =================================================================== --- gdb-7.4.50.20120120.orig/gdb/utils.c 2012-05-09 22:13:57.000000000 +0200 +++ gdb-7.4.50.20120120/gdb/utils.c 2012-05-09 22:14:04.824222206 +0200 @@ -3925,6 +3925,48 @@ dirnames_to_char_ptr_vec (const char *di return retval; } +/* Substitute all occurences of string FROM by string TO in *STRINGP. *STRINGP + must come from xrealloc-compatible allocator and it may be updated. FROM + needs to be delimited by IS_DIR_SEPARATOR (or be located at the start or + end of *STRINGP. */ + +void +substitute_path_component (char **stringp, const char *from, const char *to) +{ + char *string = *stringp, *s; + const size_t from_len = strlen (from); + const size_t to_len = strlen (to); + + for (s = string;;) + { + s = strstr (s, from); + if (s == NULL) + break; + + if ((s == string || IS_DIR_SEPARATOR (s[-1])) + && (s[from_len] == '\0' || IS_DIR_SEPARATOR (s[from_len]))) + { + char *string_new; + + string_new = xrealloc (string, (strlen (string) + to_len + 1)); + + /* Relocate the current S pointer. */ + s = s - string + string_new; + string = string_new; + + /* Replace from by to. */ + memmove (&s[to_len], &s[from_len], strlen (&s[from_len]) + 1); + memcpy (s, to, to_len); + + s += to_len; + } + else + s++; + } + + *stringp = string; +} + #ifdef HAVE_WAITPID #ifdef SIGALRM