High-risk tools in gdb and rr Debugging
13 of the 15 tools in gdb and rr Debugging are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
batch_commandsExecuteExecute GDB commands sequentially, returning each output.
-
breakpointExecuteSet a breakpoint. Triggers in both directions in rr sessions.
-
continue_execExecuteContinue execution. Blocks until next stop.
-
exec_commandExecuteExecute any GDB command and return its output.
-
finishExecuteRun until current function returns. Blocks until stopped.
-
printExecuteEvaluate a GDB expression (print).
-
rr_recordExecuterr_record
-
runExecuteStart or restart the inferior. Blocks until it stops.
-
start_replay_sessionExecuteStart an rr replay session for time-travel debugging.
-
start_sessionExecuteStart a new GDB session. Returns session_id for all other tools.
-
stepExecuteStep one source line or instruction. Blocks until stopped.
-
stop_sessionExecuteStop and clean up a GDB session (kills the GDB process).
-
watchExecuteSet a watchpoint that stops when an expression changes.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.