gdb: Auto-loading safe path

 
 22.8.3 Security restriction for auto-loading
 --------------------------------------------
 
 Because the files of the inferior can come from an untrusted source
 (such as files submitted by an application user), GDB does not always
 load files automatically.  GDB provides the 'set auto-load safe-path'
 setting to list directories trusted for loading files not explicitly
 requested by the user.  Each directory can also be a shell wildcard
 pattern.
 
    If the path is not set properly you will see a warning and the file
 will not get loaded:
 
      $ ./gdb -q ./gdb
      Reading symbols from /home/user/gdb/gdb...done.
      warning: File "/home/user/gdb/gdb-gdb.gdb" auto-loading has been
               declined by your `auto-load safe-path' set
               to "$debugdir:$datadir/auto-load".
      warning: File "/home/user/gdb/gdb-gdb.py" auto-loading has been
               declined by your `auto-load safe-path' set
               to "$debugdir:$datadir/auto-load".
 
 To instruct GDB to go ahead and use the init files anyway, invoke GDB
 like this:
 
      $ gdb -q -iex "set auto-load safe-path /home/user/gdb" ./gdb
 
    The list of trusted directories is controlled by the following
 commands:
 
 'set auto-load safe-path [DIRECTORIES]'
      Set the list of directories (and their subdirectories) trusted for
      automatic loading and execution of scripts.  You can also enter a
      specific trusted file.  Each directory can also be a shell wildcard
      pattern; wildcards do not match the directory separator - see
      'FNM_PATHNAME' for the system function 'fnmatch' (see Wildcard
      Matching in the libc manual).  If you omit DIRECTORIES, 'auto-load
      safe-path' will be reset to its default value as specified during
      GDB compilation.
 
      The list of directories uses the path separator (':' on GNU and
      Unix systems, ';' on MS-Windows and MS-DOS) to separate
      directories, similarly to the 'PATH' environment variable.
 
 'show auto-load safe-path'
      Show the list of directories trusted for automatic loading and
      execution of scripts.
 
 'add-auto-load-safe-path'
      Add an entry (or list of entries) to the list of directories
      trusted for automatic loading and execution of scripts.  Multiple
      entries may be delimited by the host platform path separator in
      use.
 
    This variable defaults to what '--with-auto-load-dir' has been
 configured to (see with-auto-load-dir).  '$debugdir' and '$datadir'
 substitution applies the same as for 'set auto-load
 scripts-directory'.  The default 'set auto-load safe-path' value can
 also be overridden by the GDB configuration option
 '--with-auto-load-safe-path'.
 
    Setting this variable to '/' disables this security protection; the
 corresponding GDB configuration option is
 '--without-auto-load-safe-path'.  This variable is supposed to be set to
 the system directories writable by the system superuser only.  Users can
 add their source directories in init files in their home directories
 (see Home Directory Init File).  See also the deprecated init file in
 the current directory (see Init File in the Current Directory during
 Startup).
 
    To force GDB to load the files it declined to load in the previous
 example, you could use one of the following ways:
 
 '~/.gdbinit': 'add-auto-load-safe-path ~/src/gdb'
      Specify this trusted directory (or a file) as an additional
      component of the list.  You also have to specify any existing
      directories displayed by 'show auto-load safe-path' (such as
      '/usr:/bin' in this example).
 
 'gdb -iex "set auto-load safe-path /usr:/bin:~/src/gdb" ...'
      Specify this directory as in the previous case but just for a
      single GDB session.
 
 'gdb -iex "set auto-load safe-path /" ...'
      Disable auto-loading safety for a single GDB session.  This assumes
      all the files you debug during this GDB session will come from
      trusted sources.
 
 './configure --without-auto-load-safe-path'
      During compilation of GDB you may disable any auto-loading safety.
      This assumes all the files you will ever debug with this GDB come
      from trusted sources.
 
    On the other hand, you can also explicitly forbid automatic file
 loading, which also suppresses any such warning messages:
 
 'gdb -iex "set auto-load no" ...'
      You can use the GDB command-line option for a single GDB session.
 
 '~/.gdbinit': 'set auto-load no'
      Disable auto-loading globally for the user (see Home Directory
      Init File).  While it is improbable, you could also use the system
      init file instead (see System-wide configuration).
 
    This setting applies to the file names as entered by the user.  If no
 entry matches, GDB tries as a last resort to also resolve all the file
 names into their canonical form (typically resolving symbolic links) and
 compare the entries again.  GDB already canonicalizes most of the
 filenames on its own before starting the comparison, so entering the
 canonical form of directories is recommended.
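
    An audit of a safe-path value against the two recommendations above
 (superuser-only directories, canonical form), as an added example that
 is not part of the GDB manual.  It assumes the ':' separator of GNU and
 Unix systems, takes the list as one argument (for instance copied from
 'show auto-load safe-path'), and treats "owned by uid 0 and not group-
 or world-writable" as the meaning of superuser-only; the function names
 are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the GDB manual. Audits an
# 'auto-load safe-path' list given as one ':'-separated argument.
# Only each entry itself is inspected, not its subdirectories.

# classify_entry ENTRY: print one status word for a single entry.
classify_entry() {
    entry=$1
    case $entry in
        /) echo disabled; return ;;            # '/' trusts every path
        *'$debugdir'*|*'$datadir'*)
           echo substituted; return ;;         # expanded by GDB, not here
        *\**|*\?*|*\[*)
           echo wildcard; return ;;            # fnmatch pattern, not a path
        '~'/*) entry=$HOME/${entry#??} ;;      # expand a leading ~/
    esac
    path=${entry%/}
    [ -e "$path" ] || { echo missing; return; }
    # The manual recommends entering the canonical form.
    [ "$(readlink -f "$path")" = "$path" ] || { echo not-canonical; return; }
    # Group- or world-writable: other users can place scripts here.
    [ -z "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ] ||
        { echo writable; return; }
    # Assumption: "writable by the superuser only" means owned by uid 0.
    [ -n "$(find "$path" -prune -user 0 -print)" ] ||
        { echo not-root-owned; return; }
    echo ok
}

# audit_safe_path LIST: print "STATUS ENTRY" per entry; return 1 if any
# entry needs attention.
audit_safe_path() {
    rc=0
    old_ifs=$IFS; IFS=:; set -f      # split on ':' without globbing
    set -- $1
    IFS=$old_ifs; set +f
    for e in "$@"; do
        s=$(classify_entry "$e")
        printf '%s %s\n' "$s" "$e"
        case $s in ok|substituted|wildcard) ;; *) rc=1 ;; esac
    done
    return $rc
}

# Usage: sh audit.sh '/usr:/bin:/home/user/src/gdb'
[ $# -eq 0 ] || audit_safe_path "$1"
```

 Entries reported as 'substituted' or 'wildcard' are not resolved by the
 script and need to be reviewed by hand.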