[lldb-dev] [OS X] debugserver SETUID root?

René J.V. Bertin via lldb-dev lldb-dev at lists.llvm.org
Thu Sep 1 02:01:44 PDT 2016


MacPorts has long had ports for llvm and clang which are very practical. Ports for lldb have been missing until now, so I've been trying to create one based on the existing clang port. That wasn't particularly difficult, except (who'd guess) for the codesigning bit.

Two questions: 

- to what extent is it indeed (still) required to reboot after each attempt to (re)sign an executable? It doesn't appear to be the case for applications that just need to accept internet connections, for instance.
- does the debugserver application do anything which makes it a really bad idea to make it SETUID root?

And a bonus question: has it ever been tried to sign the debugserver file with the ad hoc identity ("-")? That identity works for accepting internet connections (= once signed like that applications no longer put up the deny/allow connection dialog each time they're started).


More information about the lldb-dev mailing list