Thanks,

For what it's worth, I had 'sudo DevToolsSecurity -enable' enabled from the ssh window, but it still would not work.

setuid on the debugserver binary seems to be working well for me, and looks like the safest route for now.

Richard Mitton
[email protected]

On 08/09/2013 12:51 PM, Greg Clayton wrote:
On Aug 6, 2013, at 3:45 PM, Richard Mitton <[email protected]> wrote:

Right, I'm just trying to understand how Apple's works without such things.
Because the debugserver binary is code signed by Apple in Xcode releases.
Or actually, does it? I just tried sshing using the stock lldb/debugserver, and 
that doesn't work either.
You still do have to authorize debugging. If you are logged into your machine, 
you will do this via a dialog box, otherwise you can do it via the command line:

sudo DevToolsSecurity -enable

I would avoid editing the “/etc/authorization” if you can avoid it as it will 
open security holes on your machine.

Greg

Well I guess that answers that...  :)

Richard Mitton
[email protected]

On 08/06/2013 03:29 PM, Benjamin Kemper wrote:
To permanently allow, edit "/etc/authorization" and change the value of the 
"system.privilege.taskport" key to "allow" (if I remember correctly). Be careful though, 
as this will allow any program on the system to use task_for_pid. I think you can further play with this to 
allow only a specific user or group but I haven't tried it yet.

To allow the use of task_for_pid only for the current SSH session use:
security authorize -l -c system.privilege.taskport


On Wed, Aug 7, 2013 at 1:23 AM, Richard Mitton <[email protected]> wrote:
Hi all,

So I'm trying to build debugserver for OS X. I followed all the steps in 
code_signing.txt and was able to get a debugserver binary.

When I run lldb using this binary, I get a dialog asking for 'Developer Tools 
Access' in order to run it. If I enter my password this works fine. (although 
I'm not sure if it sticks over a reboot)

-However- if I try and SSH into this machine and run it from there, it fails 
("initial process state wasn't stopped"). I believe this is because the 
permissions dialog only applies to the current session, so the SSH shell doesn't inherit 
it (and can't open a GUI to ask me).

So, what is the process needed to permanently grant permissions for the 
debugserver binary? I can make it work by changing the owner of the file to 
root/wheel and setting the setuid bit, but I'm not sure if this is the right 
solution.

--
Richard Mitton
[email protected]

_______________________________________________
lldb-dev mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev



--
Benjamin.
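
The thread warns that setting "system.privilege.taskport" to "allow" in "/etc/authorization" lets any program use task_for_pid. The following is an added example, not code from the thread or from the LLDB project, showing one way to audit a copy of that file for the weakened setting. It assumes the file is a property list with a top-level "rights" dictionary whose entries carry a "class" string; the sample plist and the `example.right.restricted` name are constructed for illustration.

```python
import plistlib

TASKPORT = "system.privilege.taskport"

# Constructed sample. Assumed layout: top-level "rights" dict, each entry
# holding a "class" string ("allow" meaning the right is granted to anyone).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>rights</key>
  <dict>
    <key>system.privilege.taskport</key>
    <dict>
      <key>class</key><string>allow</string>
    </dict>
    <key>example.right.restricted</key>
    <dict>
      <key>class</key><string>user</string>
      <key>group</key><string>_developer</string>
    </dict>
  </dict>
</dict>
</plist>
"""


def taskport_status(plist_bytes):
    """Classify the taskport right as 'open', 'restricted' or 'absent'."""
    rights = plistlib.loads(plist_bytes).get("rights", {})
    entry = rights.get(TASKPORT)
    if not isinstance(entry, dict):
        return "absent"
    # Class "allow" hands the right to every caller without authentication.
    return "open" if entry.get("class") == "allow" else "restricted"


def unconditional_rights(plist_bytes):
    """Return the sorted names of all rights whose class is 'allow'."""
    rights = plistlib.loads(plist_bytes).get("rights", {})
    return sorted(name for name, entry in rights.items()
                  if isinstance(entry, dict) and entry.get("class") == "allow")


if __name__ == "__main__":
    print(TASKPORT, "->", taskport_status(SAMPLE))
    for name in unconditional_rights(SAMPLE):
        print("unconditionally allowed:", name)
```
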