Another way to get around this is to run debugserver as root (“sudo debugserver …”)
On Aug 9, 2013, at 1:00 PM, Richard Mitton <[email protected]> wrote: > Thanks, > > For what it's worth, I had 'sudo DevToolsSecurity -enable' enabled from the > ssh window, but it still would not work. > > setuid on the debugserver binary seems to be working well for me, and looks > like the safest route for now. > > Richard Mitton > [email protected] > > On 08/09/2013 12:51 PM, Greg Clayton wrote: >> On Aug 6, 2013, at 3:45 PM, Richard Mitton <[email protected]> wrote: >> >>> Right, I'm just trying to understand how Apple's works without such things. >> Because the debugserver binary is code signed by Apple in Xcode releases. >>> Or actually, does it? I just tried sshing using the stock lldb/debugserver, >>> and that doesn't work either. >> You still do have to authorize debugging. If you are logged into your >> machine, you will do this via a dialog box, otherwise you can do it via the >> command line: >> >> sudo DevToolsSecurity -enable >> >> I would avoid editing the “/etc/authorization” if you can avoid it as it >> will open security holes on your machine. >> >> Greg >> >>> Well I guess that answers that... :) >>> >>> Richard Mitton >>> >>> [email protected] >>> On 08/06/2013 03:29 PM, Benjamin Kemper wrote: >>>> To permanently allow, edit "/etc/authorization" and change the value of >>>> the "system.privilege.taskport" key to "allow" (if I remember correctly). >>>> Be careful though, as this will allow any program on the system to use >>>> task_for_pid. I think you can further play with this to allow only a >>>> specific user or group but I haven't tried it yet. >>>> >>>> To allow the use of task_for_pid only for the current SSH session use: >>>> security authorize -l -c system.privilege.taskport >>>> >>>> >>>> On Wed, Aug 7, 2013 at 1:23 AM, Richard Mitton <[email protected]> >>>> wrote: >>>> Hi all, >>>> >>>> So I'm trying to build debugserver for OS X. I followed all the steps in >>>> code_signing.txt and was able to get a debugserver binary. >>>> >>>> When I run lldb using this binary, I get a dialog asking for 'Developer >>>> Tools Access' in order to run it. If I enter my password this works fine. >>>> (although I'm not sure if it sticks over a reboot) >>>> >>>> -However- if I try and SSH into this machine and run it from there, it >>>> fails ("initial process state wasn't stopped"). I believe this is because >>>> the permissions dialog only applies to the current session, so the SSH >>>> shell doesn't inherit it (and can't open a GUI to ask me). >>>> >>>> So, what is the process needed to permanently grant permissions for the >>>> debugserver binary? I can make it work by changing the owner of the file >>>> to root/wheel and setting the setuid bit, but I'm not sure if this is the >>>> right solution. >>>> >>>> -- >>>> Richard Mitton >>>> [email protected] >>>> >>>> _______________________________________________ >>>> lldb-dev mailing list >>>> [email protected] >>>> http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev >>>> >>>> >>>> >>>> -- >>>> Benjamin. >>> _______________________________________________ >>> lldb-dev mailing list >>> [email protected] >>> http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev > _______________________________________________ lldb-dev mailing list [email protected] http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev
