On 1 September 2016 at 10:01, René J.V. Bertin via lldb-dev <lldb-dev@lists.llvm.org> wrote: > - does the debugserver application do anything which makes it a really bad > idea to make it SETUID root? It listens on a tcp connection, and takes control of random applications.
debugserver is the ultimate remote code execution tool, and it does not even try to hide it. I don't know whether it has any special security safeguards on osx (there certainly aren't any on linux), but I think having it installed that way is an open invitation to get pwned. pl _______________________________________________ lldb-dev mailing list lldb-dev@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-dev
