<div dir="ltr">Well, SIP is turned off and I experience the same with a binary I just built:<div>```</div><div>egbomrt@msmarple ~/llvm2/build/release_assert $ csrutil status<br>System Integrity Protection status: disabled.<br>egbomrt@msmarple ~/llvm2/build/release_assert $ ./bin/lldb ~/a.out<br>(lldb) target create "/Users/egbomrt/a.out"<br>Current executable set to '/Users/egbomrt/a.out' (x86_64).<br>(lldb) r<br>error: process exited with status -1 (Error 1)<br>(lldb) ^D<br>egbomrt@msmarple ~/llvm2/build/release_assert $ ls -la ~/a.out<br>-rwxr-xr-x 1 egbomrt admin 8736 Júl 22 16:16 /Users/egbomrt/a.out<br>egbomrt@msmarple ~/llvm2/build/release_assert $<br></div><div>```</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 22, 2019 at 4:29 PM Stefan Gränitz <<a href="mailto:stefan.graenitz@gmail.com">stefan.graenitz@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<blockquote type="cite">egbomrt@msmarple
~/llvm2/build/release_assert $ ./bin/lldb /bin/ls<br>
(lldb) target create "/bin/ls"<br>
Current executable set to '/bin/ls' (x86_64).<br>
(lldb) r<br>
<b>error: process exited with status -1 (Error 1)</b></blockquote>
I don't think this is related to debugserver codesigning. If you
really need to debug system binaries, you may need to disable SIP.<br>
<br>
<div class="gmail-m_1946239005957847031moz-cite-prefix">On 22/07/2019 16:14, Gábor Márton
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I am still struggling with this issue. Now I
decided to work with the codesigned version of the debugserver,
becasue I had an error when I tried to use the system
debugserver.
<div>So I've run <span>scripts/macos-setup-codesign.sh</span><br>
<div>After a reboot and fresh build (I have removed the
CMakeCache.txt and the whole build dir) I have the
debugserver signed:</div>
<div>```</div>
<div>$ codesign -dvvvv
~/llvm2/build/release_assert/bin/debugserver<br>
Executable=/Users/egbomrt/llvm2/build/release_assert/bin/debugserver<br>
Identifier=com.apple.debugserver<br>
Format=Mach-O thin (x86_64)<br>
CodeDirectory v=20100 size=38534 flags=0x0(none)
hashes=1197+5 location=embedded<br>
VersionPlatform=1<br>
VersionMin=658944<br>
VersionSDK=658944<br>
Hash type=sha256 size=32<br>
CandidateCDHash
sha256=7b475cfa7127c84281ceb206093d13dd464dad74<br>
Hash choices=sha256<br>
Page size=4096<br>
CDHash=7b475cfa7127c84281ceb206093d13dd464dad74<br>
Signature size=1611<br>
Authority=lldb_codesign<br>
Signed Time=2019. Jul 22. 15:26:29<br>
Info.plist entries=6<br>
TeamIdentifier=not set<br>
Sealed Resources=none<br>
Internal requirements count=1 size=100<br>
$<br>
</div>
<div>```</div>
</div>
<div><br>
</div>
<div>So far so good.</div>
<div>But then when I try to use lldb I have permission problems:</div>
<div>```</div>
<div>egbomrt@msmarple ~/llvm2/build/release_assert $ ./bin/lldb
/bin/ls<br>
(lldb) target create "/bin/ls"<br>
Current executable set to '/bin/ls' (x86_64).<br>
(lldb) r<br>
<b>error: process exited with status -1 (Error 1)</b><br>
(lldb) ^D<br>
egbomrt@msmarple ~/llvm2/build/release_assert $<br>
</div>
<div>```<br>
</div>
<div><br>
</div>
<div>However, as root I can use lldb:</div>
<div>```</div>
<div>egbomrt@msmarple ~/llvm2/build/release_assert $ sudo
./bin/lldb /bin/ls<br>
(lldb) target create "/bin/ls"<br>
Current executable set to '/bin/ls' (x86_64).<br>
(lldb) r<br>
Process 28052 launched: '/bin/ls' (x86_64)<br>
.ninja_deps compile_commands.json<br>
.ninja_log docs<br>
CMakeCache.txt examples<br>
CMakeDoxyfile.in include<br>
...<br>
Process 28052 exited with status = 0 (0x00000000)<br>
(lldb) ^D<br>
egbomrt@msmarple ~/llvm2/build/release_assert $<br>
</div>
<div>```</div>
<div><br>
</div>
<div>Is it possible to codesign in a way that a regular user can
run the built debugserver? Or what else could be the reason
behind this permission problem?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Gabor</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Jul 19, 2019 at 11:47
PM Stefan Gränitz <<a href="mailto:stefan.graenitz@gmail.com" target="_blank">stefan.graenitz@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Gábor, I am sorry this caused an issue for you. Good
that apparently it's resolved now.<br>
<br>
Did you reconfigure an existing build-tree? Your
observations would make sense in this context, because the
change affects CMake cached variables. This is
unfortunate, but can not always be avoided. If this
happens again (or to anyone else), a clean build seems to
be a good first step.<br>
<br>
Best,<br>
Stefan<br>
<br>
On 19/07/2019 19:36, Gábor Márton wrote:<br>
</p>
<blockquote type="cite">
<div dir="ltr">Actually, it is embarrassing (perhaps for
macOS and not for me) that after a reboot the problem is
gone.
<div>Perhaps after "sudo /usr/sbin/DevToolsSecurity
--enable" a reboot is required, but could not find
anything official about that.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Jul 19, 2019
at 7:20 PM Gábor Márton <<a href="mailto:martongabesz@gmail.com" target="_blank">martongabesz@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">This might not be related to the
debugserver, I just realized that I get
<div>"error: <span class="gmail-m_1946239005957847031gmail-m_8428160405396733394gmail-m_-2133299894781877036gmail-il">process</span> <span class="gmail-m_1946239005957847031gmail-m_8428160405396733394gmail-m_-2133299894781877036gmail-il">exited</span> with
status -1 (Error 1)"<br>
</div>
<div>even with the simplest main.c.</div>
<div>This may be some kind of security issue on mac
OS...</div>
<div>Though I've checked and I have SIP disabled and
I have executed "sudo /usr/sbin/DevToolsSecurity
--enable".</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Jul 19,
2019 at 4:46 PM Gábor Márton <<a href="mailto:martongabesz@gmail.com" target="_blank">martongabesz@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hi Stefan,
<div><br>
</div>
<div>Since the commit</div>
<div>"[CMake] Always build debugserver on Darwin
and allow tests to use the system's one"</div>
<div>I cannot use the system debugserver for
testing.</div>
<div>I receive the following error message from
lldb when I execute "ninja check-lldb":<br>
</div>
<div>```</div>
<div>runCmd: run<br>
runCmd failed!<br>
error: process exited with status -1 (Error 1)<br>
</div>
<div>```</div>
<div><br>
</div>
<div>
<div>I do set
up "-DLLDB_USE_SYSTEM_DEBUGSERVER=ON" with
cmake so I see</div>
</div>
<div>```</div>
<div>-- LLDB tests use out-of-tree debugserver:
/Library/Developer/CommandLineTools/Library/PrivateFrameworks/LLDB.framework/Resources/debugserver<br>
</div>
<div>```</div>
<div><br>
</div>
<div>Also, I have inspected the following test
output</div>
<div>```</div>
<div>Command invoked: /usr/bin/python
/Users/egbomrt/llvm2/git/llvm/tools/lldb/test/dotest.py
-q --arch=x86_64 -s
/Users/egbomrt/llvm2/build/release_assert/lldb-test-traces
--build-dir
/Users/egbomrt/llvm2/build/release_assert/lldb-test-build.noindex
-S nm -u CXXFLAGS -u CFLAGS --executable
/Users/egbomrt/llvm2/build/release_assert/./bin/lldb
--dsymutil
/Users/egbomrt/llvm2/build/release_assert/./bin/dsymutil
--filecheck
/Users/egbomrt/llvm2/build/release_assert/./bin/FileCheck
-C
/Users/egbomrt/llvm2/build/release_assert/bin/clang
--codesign-identity -
--out-of-tree-debugserver --arch x86_64 -t
--env TERM=vt100 -p TestCModules.py
--results-port 49931 -S nm --inferior -p
TestCModules.py
/Users/egbomrt/llvm2/git/llvm/tools/lldb/packages/Python/lldbsuite/test/lang/c/modules
--event-add-entries worker_index=0:int<br>
1 out of 736 test suites processed -
TestCModules.py<br>
</div>
<div>```</div>
<div>so it seems like the argument for
--out-of-tree-debugserver is missing...</div>
<div><br>
</div>
Could you please advise?
<div><br>
</div>
<div>Thank you,</div>
<div>Gabor</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
<pre class="gmail-m_1946239005957847031gmail-m_8428160405396733394moz-signature" cols="72">--
<a class="gmail-m_1946239005957847031gmail-m_8428160405396733394moz-txt-link-freetext" href="https://flowcrypt.com/pub/stefan.graenitz@gmail.com" target="_blank">https://flowcrypt.com/pub/stefan.graenitz@gmail.com</a></pre>
</div>
</blockquote>
</div>
</blockquote>
<pre class="gmail-m_1946239005957847031moz-signature" cols="72">--
<a class="gmail-m_1946239005957847031moz-txt-link-freetext" href="https://flowcrypt.com/pub/stefan.graenitz@gmail.com" target="_blank">https://flowcrypt.com/pub/stefan.graenitz@gmail.com</a></pre>
</div>
</blockquote></div>