gdb: Auto-loading safe path
22.8.3 Security restriction for auto-loading
--------------------------------------------
Because the files of the inferior can come from an untrusted source (such
as a file submitted by an application user), GDB does not load files
automatically without checking them first. GDB provides the 'set
auto-load safe-path' setting to list the directories trusted for loading
files not explicitly requested by the user. Each directory can also be a
shell wildcard pattern.
If the path is not set properly, you will see a warning and the file
will not be loaded:
$ ./gdb -q ./gdb
Reading symbols from /home/user/gdb/gdb...done.
warning: File "/home/user/gdb/gdb-gdb.gdb" auto-loading has been
declined by your `auto-load safe-path' set
to "$debugdir:$datadir/auto-load".
warning: File "/home/user/gdb/gdb-gdb.py" auto-loading has been
declined by your `auto-load safe-path' set
to "$debugdir:$datadir/auto-load".
To instruct GDB to go ahead and use the init files anyway, invoke GDB
like this:
$ gdb -q -iex "set auto-load safe-path /home/user/gdb" ./gdb
The list of trusted directories is controlled by the following
commands:
'set auto-load safe-path [DIRECTORIES]'
Set the list of directories (and their subdirectories) trusted for
automatic loading and execution of scripts. You can also enter a
specific trusted file. Each directory can also be a shell wildcard
pattern; wildcards do not match the directory separator (see
'FNM_PATHNAME' in the description of the system function 'fnmatch',
under "Wildcard Matching" in the libc manual). If you omit DIRECTORIES,
'auto-load safe-path' is reset to the default value specified when GDB
was compiled.
The list of directories uses the path separator (':' on GNU and Unix
systems, ';' on MS-Windows and MS-DOS) to separate directories, like
the 'PATH' environment variable.
'show auto-load safe-path'
Show the list of directories trusted for automatic loading and
execution of scripts.
'add-auto-load-safe-path'
Add an entry (or list of entries) to the list of directories
trusted for automatic loading and execution of scripts. Multiple
entries may be delimited by the host platform path separator in
use.
This variable defaults to the value that '--with-auto-load-dir' was
configured with. '$debugdir' and '$datadir' substitution applies the
same as for 'set auto-load scripts-directory'. The default 'set auto-load
safe-path' value can also be overridden by the GDB configuration option
'--with-auto-load-safe-path'.
Setting this variable to '/' disables this security protection; the
corresponding GDB configuration option is
'--without-auto-load-safe-path'. This variable is meant to list only
system directories that are writable by the system superuser alone.
Users can add their own source directories in the init files in their
home directories (Home Directory Init File). See also the deprecated
init file in the current directory (Init File in the Current Directory
during Startup).
To force GDB to load the files it declined to load in the previous
example, you can use one of the following methods:
'~/.gdbinit': 'add-auto-load-safe-path ~/src/gdb'
Specify this trusted directory (or a file) as an additional component
of the list. You also have to specify any existing directories
displayed by 'show auto-load safe-path' (such as '/usr:/bin' in this
example).
'gdb -iex "set auto-load safe-path /usr:/bin:~/src/gdb" ...'
Specify this directory as in the previous case but just for a
single GDB session.
'gdb -iex "set auto-load safe-path /" ...'
Disable auto-loading safety for a single GDB session. This assumes
all the files you debug during this GDB session will come from
trusted sources.
'./configure --without-auto-load-safe-path'
During compilation of GDB you may disable any auto-loading safety.
This assumes all the files you will ever debug with this GDB come
from trusted sources.
On the other hand, you can also explicitly forbid automatic file
loading, which also suppresses any such warning messages:
'gdb -iex "set auto-load no" ...'
Use the GDB command-line option to disable auto-loading for a single
GDB session.
'~/.gdbinit': 'set auto-load no'
Disable auto-loading globally for the user (Home Directory Init File).
Although it is unlikely to be needed, you could also use the
system-wide init file instead (System-wide configuration).
This setting applies to the file names as entered by the user. If no
entry matches, GDB tries, as a last resort, to resolve all the file
names into their canonical form (typically resolving symbolic links) and
compares them against the entries again. GDB already canonicalizes most
file names on its own before starting the comparison, so it is
recommended to enter directories in their canonical form.
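The matching rules stated above for 'set auto-load safe-path' (directories and their subdirectories, single trusted files, wildcards that do not cross '/', and the canonical-form retry) modelled as a small Python checker. This is an added example written for this page, not GDB's own implementation; '$debugdir' and '$datadir' substitution is not modelled, and the safe-path entries are assumed to be already expanded.

```python
import os
import re

# Model of the 'auto-load safe-path' decision as the manual describes it.
# Added example, not GDB's own code: $debugdir/$datadir substitution and
# bracket expressions are not modelled; entries are assumed pre-expanded.
PATH_SEP = ":"  # GNU/Unix separator; MS-Windows and MS-DOS use ';'

def glob_to_regex(pattern: str) -> re.Pattern:
    """Shell wildcard -> regex with FNM_PATHNAME semantics: '*' and '?'
    never match '/', so one pattern component covers one path component."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append("[^/]*")
        elif ch == "?":
            parts.append("[^/]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))

def entry_trusts(entry: str, path: str) -> bool:
    """One entry trusts PATH if it names PATH itself or any parent directory
    of PATH, literally or as a wildcard pattern (directory and subdirs)."""
    regex = glob_to_regex(os.path.expanduser(entry).rstrip("/") or "/")
    candidate = path
    while True:
        if regex.fullmatch(candidate):
            return True
        parent = os.path.dirname(candidate)
        if parent == candidate:  # reached the root (or an empty name)
            return False
        candidate = parent

def auto_load_permitted(safe_path: str, filename: str) -> bool:
    """True if FILENAME may be auto-loaded under the SAFE_PATH list."""
    entries = [e for e in safe_path.split(PATH_SEP) if e]
    if any(entry_trusts(e, filename) for e in entries):
        return True
    # Last resort, as the manual states: retry with the canonical form
    # (symbolic links and '..' resolved) of the file name.
    canonical = os.path.realpath(filename)
    return canonical != filename and any(entry_trusts(e, canonical) for e in entries)

if __name__ == "__main__":
    # Constructed sample: the file from the manual's warning output.
    for sp in ("/usr:/bin", "/usr:/bin:/home/user/gdb", "/home/*", "/"):
        print(f"{sp:28} {auto_load_permitted(sp, '/home/user/gdb/gdb-gdb.py')}")
```

Note that the entry '/home/user/gdb' does not trust '/home/user/gdb-gdb.py', which a naive string-prefix comparison would wrongly accept; only whole path components count.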