[lldb-dev] [OS X] debugserver SETUID root?

René J.V. Bertin via lldb-dev lldb-dev at lists.llvm.org
Thu Sep 1 12:19:26 PDT 2016


On Thursday September 01 2016 10:55:50 Jim Ingham wrote:

>You don't have to reboot after every attempt to sign an executable.  You only have to reboot after making the code signing identity and, doing the little command line trick to get the system to accept it.  That still seems necessary, but then once you've done that you can keep using that identity either till it expires or you reinstall your OS.

Restarting the taskgated also seems to do that trick. If my understanding of the code signing doc is correct, the kernel doesn't cache new certificates until they're used for signing, or something of the sort, and if that's correct it doesn't seem required to reboot after creating a certificate.

>Apple goes to pretty great lengths to limit the harm a debugger can do as an attack vector.  With SIP on, being root gives you many fewer permissions w.r.t. debugging than you might think, so I don't actually think this would help much.  Suggesting people turn SIP off to use your debugger build seems like a bad idea to me.

Yes, that wasn't my intention. I'm still running 10.9, so turning off SIP or not is somewhat of a nobrainer for me ^^

>> And a bonus question: has it ever been tried to sign the debugserver file with the ad hoc identity ("-")? 
>
>I doubt that would work.

It's a pity that there is so little information about what is and what isn't possible with ad-hoc signing.

Anyway, why does codesign or possibly even the Security framework underlying Keychain functionality use the HOME env. variable to determine a user's home directory instead of using one of the available APIs to get this information?

R.


More information about the lldb-dev mailing list