Package: gdb
Version: 5.3.20030824-1.1.200309101352
Severity: important
Tags: security patch
[I don't think this is RC by itself, but it would be nice if it could be fixed
along with 309677]
gdb loads .gdbinit from the current working directory, so it might be possible
to trick someone into using gdb in a specific directory, which contains a
crafted .gdbinit that executes arbitrary commands.
For full details please see
http://sources.redhat.com/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gdb&pr=1908
It contains the attached patch.
Cheers,
Moritz
-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]
Versions of packages gdb depends on:
ii libc6 2.3.2-9 GNU C Library: Shared libraries an
ii libncurses 5.3.20030719-2.2.200309040925 Shared libraries for terminal hand
ii libreadlin 4.3-5.1.200309040826 GNU readline and history libraries
-- debconf-show failed
--- gdb/main.c.orig 2005-04-08 18:21:50.000000000 -0400
+++ gdb/main.c 2005-04-08 18:50:58.000000000 -0400
@@ -693,7 +693,7 @@
if (!homedir
|| memcmp ((char *) &homebuf, (char *) &cwdbuf, sizeof (struct stat)))
- if (!inhibit_gdbinit)
+ if (!inhibit_gdbinit && (cwdbuf.st_uid == getuid()) && (!cwdbuf.st_mode &
(S_IWOTH)))
{
catch_command_errors (source_command, gdbinit, 0, RETURN_MASK_ALL);
}
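Review bot: The permission test in the added condition, `(!cwdbuf.st_mode & (S_IWOTH))`, does not do what it appears to. Unary `!` binds tighter than `&`, so it parses as `(!cwdbuf.st_mode) & S_IWOTH`. For any nonzero `st_mode` that evaluates to 0, so the whole condition is false and `source_command` is never reached for the file, whatever its owner or permissions. The world-writable check should be written `!(cwdbuf.st_mode & S_IWOTH)`. Two smaller points: only `S_IWOTH` is tested, so a group-writable file owned by the user still passes, and adding `S_IWGRP` to the mask would be worth considering. When the file is skipped, nothing is printed, so a warning naming the file and the reason would save users from wondering why their init file is ignored.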