GDB | Auto-Load Safe-Path Declined

More GDB shenanigans today, as kindly pointed out by one of my readers – thank you Laurent!

Did you know that as of GDB version 7.5 (Aug 2012), there is a new security feature in place that prevents GDB from looking in “non-trusted” directories for the super-useful .gdbinit file?

[For more on the usefulness of .gdbinit files, see here.]

If you’re used to using .gdbinit files to save you typing in commands over and over again, you might be perplexed when faced with an error that looks a little bit like this:

warning: File "/home/faye/workspace/todo/Debug/.gdbinit" auto-loading 
 has been declined by your `auto-load safe-path' set to 
 "$debugdir:$datadir/auto-load:/usr/bin/mono-gdb.py". 
To enable execution of this file add 
add-auto-load-safe-path /home/faye/workspace/todo/Debug/.gdbinit 
line to your configuration file "/home/faye/.gdbinit". 
To completely disable this security protection add 
set auto-load safe-path / 
line to your configuration file "/home/faye/.gdbinit". 
For more information about this security protection see the 
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
info "(gdb)Auto-loading safe path"

The error above is specifically telling me that there is a .gdbinit config file in my /home/faye/workspace/todo/Debug folder that will not be loaded.

Why?

:gallic shrug:

Just because. You can’t be too careful with security, right?

Anyway, what is important is that .gdbinit files in your home directory (and your home directory only) are still loaded.

It’s only files in other locations that are considered potentially problematic.

There are a couple of easy solutions to this:

 

1) You can add the line:

set auto-load safe-path /

To your home directory’s .gdbinit file. This will override ALL security and GDB will ALWAYS open a .gdbinit file if it finds one. If you are developing on your own machine, or a secure machine (however you would like to define that), then this is probably the quickest and easiest solution.

 

2) If you want to be a little more careful, you can add the directories individually to your home directory’s .gdbinit file:

set auto-load safe-path /home/faye/workspace/todo/Debug

Or you can say that ALL sub-paths under your home directory are OK:

set auto-load safe-path /home/faye

 

3) Finally, you can pass a path in on start-up:

gdb -iex "set auto-load safe-path /path/to/.gdbinit/file"

 

If you want to see all the trusted paths, just type:

show auto-load safe-path

 

Happy debugging!


One Comment

  1. Laurent
    Posted 24 February 2014 at 19:05 | Permalink

    Thank you for the quick feedback.
    Nice thing to do a separate post for that, security matters worth better explanation than the simple one I put on my comment on the other post.
    I’ll definitively read your other posts ;).