Bart De VOS pointed out that removing absolute paths from the libc linker scripts is plainly wrong.
It dates from dawn ages of the original crosstool code, and is not well explained. At that time, binutils might not understand the sysroot stuff, and it was necessary to remove absolute paths in that case.
/trunk/scripts/build/libc/glibc.sh | 14 2 12 0 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
1 Original patch from gentoo: gentoo/src/patchsets/gdb/6.7.1/35_all_gdb-6.3-security-errata-20050610.patch
2 -= BEGIN original header =-
3 2005-06-09 Jeff Johnston <jjohnstn@redhat.com>
5 * gdb.base/gdbinit.exp: New testcase.
6 * gdb.base/gdbinit.sample: Sample .gdbinit for gdbinit.exp.
8 2005-06-08 Daniel Jacobowitz <dan@codesourcery.com>
9 Jeff Johnston <jjohnstn@redhat.com>
11 * Makefile.in (cli-cmds.o): Update.
12 * configure.in: Add check for getuid.
13 * configure: Regenerated.
15 * main.c (captured_main): Pass -1 to source_command when loading
17 * cli/cli-cmds.c: Include "gdb_stat.h" and <fcntl.h>.
18 (source_command): Update documentation. Check permissions if
21 -= END original header =-
22 diff -durN gdb-6.7.1.orig/gdb/cli/cli-cmds.c gdb-6.7.1/gdb/cli/cli-cmds.c
23 --- gdb-6.7.1.orig/gdb/cli/cli-cmds.c 2007-08-23 20:08:47.000000000 +0200
24 +++ gdb-6.7.1/gdb/cli/cli-cmds.c 2008-06-17 23:27:44.000000000 +0200
29 +#include "gdb_stat.h"
39 perror_with_name (file);
47 + struct stat statbuf;
48 + if (fstat (fd, &statbuf) < 0)
50 + perror_with_name (file);
54 + if (statbuf.st_uid != getuid () || (statbuf.st_mode & S_IWOTH))
56 + warning (_("not using untrusted file \"%s\""), file);
63 stream = fdopen (fd, FOPEN_RT);
64 script_from_file (stream, file);
66 diff -durN gdb-6.7.1.orig/gdb/main.c gdb-6.7.1/gdb/main.c
67 --- gdb-6.7.1.orig/gdb/main.c 2007-08-23 20:08:36.000000000 +0200
68 +++ gdb-6.7.1/gdb/main.c 2008-06-17 23:27:44.000000000 +0200
73 - catch_command_errors (source_script, homeinit, 0, RETURN_MASK_ALL);
74 + catch_command_errors (source_script, homeinit, -1, RETURN_MASK_ALL);
77 /* Do stats; no need to do them elsewhere since we'll only
79 || memcmp ((char *) &homebuf, (char *) &cwdbuf, sizeof (struct stat)))
82 - catch_command_errors (source_script, gdbinit, 0, RETURN_MASK_ALL);
83 + catch_command_errors (source_script, gdbinit, -1, RETURN_MASK_ALL);
86 for (i = 0; i < ncmd; i++)
87 diff -durN gdb-6.7.1.orig/gdb/Makefile.in gdb-6.7.1/gdb/Makefile.in
88 --- gdb-6.7.1.orig/gdb/Makefile.in 2008-06-17 23:27:44.000000000 +0200
89 +++ gdb-6.7.1/gdb/Makefile.in 2008-06-17 23:27:44.000000000 +0200
91 $(expression_h) $(frame_h) $(value_h) $(language_h) $(filenames_h) \
92 $(objfiles_h) $(source_h) $(disasm_h) $(ui_out_h) $(top_h) \
93 $(cli_decode_h) $(cli_script_h) $(cli_setshow_h) $(cli_cmds_h) \
95 + $(tui_h) $(gdb_stat_h)
96 $(CC) -c $(INTERNAL_CFLAGS) $(srcdir)/cli/cli-cmds.c
97 cli-decode.o: $(srcdir)/cli/cli-decode.c $(defs_h) $(symtab_h) \
98 $(gdb_regex_h) $(gdb_string_h) $(completer_h) $(ui_out_h) \
99 diff -durN gdb-6.7.1.orig/gdb/testsuite/gdb.base/gdbinit.exp gdb-6.7.1/gdb/testsuite/gdb.base/gdbinit.exp
100 --- gdb-6.7.1.orig/gdb/testsuite/gdb.base/gdbinit.exp 1970-01-01 01:00:00.000000000 +0100
101 +++ gdb-6.7.1/gdb/testsuite/gdb.base/gdbinit.exp 2008-06-17 23:27:44.000000000 +0200
104 +# Free Software Foundation, Inc.
106 +# This program is free software; you can redistribute it and/or modify
107 +# it under the terms of the GNU General Public License as published by
108 +# the Free Software Foundation; either version 2 of the License, or
109 +# (at your option) any later version.
111 +# This program is distributed in the hope that it will be useful,
112 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
113 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
114 +# GNU General Public License for more details.
116 +# You should have received a copy of the GNU General Public License
117 +# along with this program; if not, write to the Free Software
118 +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
120 +# Please email any bugs, comments, and/or additions to this file to:
121 +# bug-gdb@prep.ai.mit.edu
123 +# This file was written by Jeff Johnston <jjohnstn@redhat.com>.
125 +if $tracelevel then {
132 +# are we on a target board
133 +if [is_remote target] {
143 +global gdb_spawn_id;
145 +gdb_stop_suppressing_tests;
147 +verbose "Spawning $GDB -nw"
149 +if [info exists gdb_spawn_id] {
153 +if ![is_remote host] {
154 + if { [which $GDB] == 0 } then {
155 + perror "$GDB does not exist."
161 +remote_exec build "rm .gdbinit"
162 +remote_exec build "cp ${srcdir}/${subdir}/gdbinit.sample .gdbinit"
163 +remote_exec build "chmod 646 .gdbinit"
165 +set res [remote_spawn host "$GDB -nw [host_info gdb_opts]"];
166 +if { $res < 0 || $res == "" } {
167 + perror "Spawning $GDB failed."
171 + -re "warning: not using untrusted file.*\.gdbinit.*\[\r\n\]$gdb_prompt $" {
172 + pass "untrusted .gdbinit caught."
174 + -re "$gdb_prompt $" {
175 + fail "untrusted .gdbinit caught."
178 + fail "(timeout) untrusted .gdbinit caught."
182 +remote_exec build "chmod 644 .gdbinit"
183 +set res [remote_spawn host "$GDB -nw [host_info gdb_opts]"];
184 +if { $res < 0 || $res == "" } {
185 + perror "Spawning $GDB failed."
189 + -re "warning: not using untrusted file.*\.gdbinit.*\[\r\n\]$gdb_prompt $" {
190 + fail "trusted .gdbinit allowed."
192 + -re "in gdbinit.*$gdb_prompt $" {
193 + pass "trusted .gdbinit allowed."
196 + fail "(timeout) trusted .gdbinit allowed."
200 +remote_exec build "rm .gdbinit"
201 diff -durN gdb-6.7.1.orig/gdb/testsuite/gdb.base/gdbinit.sample gdb-6.7.1/gdb/testsuite/gdb.base/gdbinit.sample
202 --- gdb-6.7.1.orig/gdb/testsuite/gdb.base/gdbinit.sample 1970-01-01 01:00:00.000000000 +0100
203 +++ gdb-6.7.1/gdb/testsuite/gdb.base/gdbinit.sample 2008-06-17 23:27:44.000000000 +0200