This patch was not popular upstream; there was no fundamental objection, but
there were several problems with the implementation.  It needs to be revisited.

---
 gdb/cli/cli-cmds.c |   42 +++++++++++++++++++++++++++++++++++++++++-
 gdb/main.c         |    4 ++--
 2 files changed, 43 insertions(+), 3 deletions(-)

Index: gdb-7.4/gdb/cli/cli-cmds.c
===================================================================
--- gdb-7.4.orig/gdb/cli/cli-cmds.c	2011-11-17 15:58:35.000000000 +0000
+++ gdb-7.4/gdb/cli/cli-cmds.c	2011-11-17 17:03:20.505359078 +0000
@@ -55,6 +55,8 @@
 #include "tui/tui.h"	/* For tui_active et.al.  */
 #endif
 
+#include "gdb_stat.h"
+
 #include <fcntl.h>
 
 /* Prototypes for local command functions */
@@ -585,13 +587,47 @@
          If the source command was invoked interactively, throw an
 	 error.  Otherwise (e.g. if it was invoked by a script),
 	 silently ignore the error.  */
-      if (from_tty)
+      /* Or, if this was an automatic load during startup, ignore the
+        error.  */
+      if (from_tty > 0)
 	perror_with_name (file);
       else
 	return;
     }
 
   old_cleanups = make_cleanup (xfree, full_path);
+
+  if (stream == NULL)
+    {
+      if (from_tty)
+       perror_with_name (file);
+      else
+       {
+         do_cleanups (old_cleanups);
+         return;
+       }
+    }
+
+#ifdef HAVE_GETUID
+  if (from_tty == -1)
+    {
+      struct stat statbuf;
+      int fd = fileno (stream);
+      if (fstat (fd, &statbuf) < 0)
+       {
+         make_cleanup_fclose (stream);
+         perror_with_name (file);
+       }
+      if (statbuf.st_uid != getuid () || (statbuf.st_mode & S_IWOTH))
+       {
+         warning ("not using untrusted file \"%s\"", file);
+         fclose (stream);
+         do_cleanups (old_cleanups);
+         return;
+       }
+    }
+#endif
+
   /* The python support reopens the file, so we need to pass full_path here
      in case the file was found on the search path.  It's useful to do this
      anyway so that error messages show the actual file used.  But only do
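Review bot: The trust test `if (statbuf.st_uid != getuid () || (statbuf.st_mode & S_IWOTH))` still accepts a group-writable file and any non-regular file, so another member of the file's group can change what is sourced at startup. Consider `(statbuf.st_mode & (S_IWGRP | S_IWOTH))` plus a `!S_ISREG (statbuf.st_mode)` rejection, or add a comment saying that group-writable files are tolerated on purpose. The check runs on the already-open descriptor, but the context comment at the end of the hunk says the Python support reopens the file by `full_path`. On that path the file that runs is presumably not guaranteed to be the one that was fstat'ed, which deserves a re-check or a note at the reopen site. Separately, the new `stream == NULL` block tests `if (from_tty)`, which is true for the -1 value that the later `from_tty == -1` check appears to treat as the startup auto-load; `if (from_tty > 0)` would match the test changed a few lines earlier. The enclosing function starts and ends outside the hunk.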
