On Aug 6, 2013, at 3:45 PM, Richard Mitton <[email protected]> wrote:
> Right, I'm just trying to understand how Apple's works without such things. Because the debugserver binary is code signed by Apple in Xcode releases. > > Or actually, does it? I just tried sshing using the stock lldb/debugserver, > and that doesn't work either. You still do have to authorize debugging. If you are logged into your machine, you will do this via a dialog box, otherwise you can do it via the command line: sudo DevToolsSecurity -enable I would avoid editing the “/etc/authorization” if you can avoid it as it will open security holes on your machine. Greg > Well I guess that answers that... :) > > Richard Mitton > > [email protected] > On 08/06/2013 03:29 PM, Benjamin Kemper wrote: >> To permanently allow, edit "/etc/authorization" and change the value of the >> "system.privilege.taskport" key to "allow" (if I remember correctly). Be >> careful though, as this will allow any program on the system to use >> task_for_pid. I think you can further play with this to allow only a >> specific user or group but I haven't tried it yet. >> >> To allow the use of task_for_pid only for the current SSH session use: >> security authorize -l -c system.privilege.taskport >> >> >> On Wed, Aug 7, 2013 at 1:23 AM, Richard Mitton <[email protected]> >> wrote: >> Hi all, >> >> So I'm trying to build debugserver for OS X. I followed all the steps in >> code_signing.txt and was able to get a debugserver binary. >> >> When I run lldb using this binary, I get a dialog asking for 'Developer >> Tools Access' in order to run it. If I enter my password this works fine. >> (although I'm not sure if it sticks over a reboot) >> >> -However- if I try and SSH into this machine and run it from there, it fails >> ("initial process state wasn't stopped"). I believe this is because the >> permissions dialog only applies to the current session, so the SSH shell >> doesn't inherit it (and can't open a GUI to ask me). >> >> So, what is the process needed to permanently grant permissions for the >> debugserver binary? I can make it work by changing the owner of the file to >> root/wheel and setting the setuid bit, but I'm not sure if this is the right >> solution. >> >> -- >> Richard Mitton >> [email protected] >> >> _______________________________________________ >> lldb-dev mailing list >> [email protected] >> http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev >> >> >> >> -- >> Benjamin. > > _______________________________________________ > lldb-dev mailing list > [email protected] > http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev _______________________________________________ lldb-dev mailing list [email protected] http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev
