On the Linux side of things, I've found it surprising how easy it is to crash GDB by doing funny stuff in the inferior program. (E.g., fiddling with the PT_INTERP header can make it read a null pointer when loading the program, https://sourceware.org/bugzilla/show_bug.cgi?id=30663. And at runtime, I've gotten several crashes by playing with the stack/instruction pointers.)
I wouldn't be surprised if some of these crashes are exploitable as RCEs, perhaps even through gdbserver. I'd be wary of running GDB on a malicious program without sandboxing both.
On the Linux side of things, I've found it surprising how easy it is to crash GDB by doing funny stuff in the inferior program. (E.g., fiddling with the PT_INTERP header can make it read a null pointer when loading the program, https://sourceware.org/bugzilla/show_bug.cgi?id=30663. And at runtime, I've gotten several crashes by playing with the stack/instruction pointers.)
I wouldn't be surprised if some of these crashes are exploitable as RCEs, perhaps even through gdbserver. I'd be wary of running GDB on a malicious program without sandboxing both.
Sadly not about transport tycoon deluxe
Thanks for saving me the extra tap!
[dead]