Package: gdb
Version: 5.3.20030824-1.1.200309101352
Severity: important
Tags: security patch

[I don't think this is RC by itself, but it would be nice if it could be fixed
 along with 309677]

gdb loads .gdbinit from the current working directory, so it might be possible
to trick someone into using gdb in a specific directory, which contains a
crafted .gdbinit that executes arbitrary commands.

For full details please see
http://sources.redhat.com/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gdb&pr=1908

It contains the attached patch.

Cheers,
         Moritz

-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]

Versions of packages gdb depends on:
ii  libc6      2.3.2-9                       GNU C Library: Shared libraries an
ii  libncurses 5.3.20030719-2.2.200309040925 Shared libraries for terminal hand
ii  libreadlin 4.3-5.1.200309040826          GNU readline and history libraries

-- debconf-show failed

--- gdb/main.c.orig     2005-04-08 18:21:50.000000000 -0400
+++ gdb/main.c  2005-04-08 18:50:58.000000000 -0400
@@ -693,7 +693,7 @@
 
   if (!homedir
       || memcmp ((char *) &homebuf, (char *) &cwdbuf, sizeof (struct stat)))
-    if (!inhibit_gdbinit)
+    if (!inhibit_gdbinit && (cwdbuf.st_uid == getuid()) && (!cwdbuf.st_mode & 
(S_IWOTH)))
       {
        catch_command_errors (source_command, gdbinit, 0, RETURN_MASK_ALL);
       }
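
Review bot: In the added condition, `(!cwdbuf.st_mode & (S_IWOTH))` parses as `(!cwdbuf.st_mode) & S_IWOTH`, because unary `!` binds tighter than `&`. For any non-zero st_mode the left operand is 0, so the test is always false and the .gdbinit in the current directory is never sourced, whatever its owner or permissions. The intended check is `!(cwdbuf.st_mode & S_IWOTH)`. Separately, the `!homedir ||` arm of the outer `if` reaches this test when HOME is unset, so please confirm that cwdbuf has been filled by a stat call on that path as well; otherwise st_uid and st_mode are read from a buffer that was never populated. The changed line is also wrapped after `&` by the mailer, so the patch will not apply as posted.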
