[lldb-dev] Building and signing debugserver

Greg Clayton gclayton at apple.com
Fri Aug 9 12:51:00 PDT 2013


On Aug 6, 2013, at 3:45 PM, Richard Mitton <richard at codersnotes.com> wrote:

> Right, I'm just trying to understand how Apple's works without such things.

Because the debugserver binary is code signed by Apple in Xcode releases.
> 
> Or actually, does it? I just tried sshing using the stock lldb/debugserver, and that doesn't work either.

You still do have to authorize debugging. If you are logged into your machine, you will do this via a dialog box, otherwise you can do it via the command line:

sudo DevToolsSecurity -enable

I would avoid editing "/etc/authorization" if you can, as it will open security holes on your machine.

Greg

> Well I guess that answers that...  :)
> 
> Richard Mitton
> 
> richard at codersnotes.com
> On 08/06/2013 03:29 PM, Benjamin Kemper wrote:
>> To permanently allow, edit "/etc/authorization" and change the value of the "system.privilege.taskport" key to "allow" (if I remember correctly). Be careful though, as this will allow any program on the system to use task_for_pid. I think you can further play with this to allow only a specific user or group but I haven't tried it yet.
>> 
>> To allow the use of task_for_pid only for the current SSH session use:
>> security authorize -l -c system.privilege.taskport
>> 
>> 
>> On Wed, Aug 7, 2013 at 1:23 AM, Richard Mitton <richard at codersnotes.com> wrote:
>> Hi all,
>> 
>> So I'm trying to build debugserver for OS X. I followed all the steps in code_signing.txt and was able to get a debugserver binary.
>> 
>> When I run lldb using this binary, I get a dialog asking for 'Developer Tools Access' in order to run it. If I enter my password this works fine. (although I'm not sure if it sticks over a reboot)
>> 
>> -However- if I try and SSH into this machine and run it from there, it fails ("initial process state wasn't stopped"). I believe this is because the permissions dialog only applies to the current session, so the SSH shell doesn't inherit it (and can't open a GUI to ask me).
>> 
>> So, what is the process needed to permanently grant permissions for the debugserver binary? I can make it work by changing the owner of the file to root/wheel and setting the setuid bit, but I'm not sure if this is the right solution.
>> 
>> -- 
>> Richard Mitton
>> richard at codersnotes.com
>> 
>> _______________________________________________
>> lldb-dev mailing list
>> lldb-dev at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev
>> 
>> 
>> 
>> -- 
>> Benjamin.
> 





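An added example, not part of the original thread: a read-only Python check for whether the "/etc/authorization" edit described above has been applied on a host. The plist layout (a top-level `rights` dictionary with a `class` key per right), the `_developer` group value and both sample documents are assumptions constructed for illustration.

```python
import plistlib

RIGHT = "system.privilege.taskport"

# Constructed sample, not copied from a real host. Assumed layout: a top-level
# "rights" dictionary in which each right has a "class" key.
SAMPLE_DEFAULT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>rights</key><dict>
    <key>system.privilege.taskport</key><dict>
      <key>class</key><string>user</string>
      <key>group</key><string>_developer</string>
    </dict>
  </dict>
</dict></plist>"""

# The same document after the edit described in the thread.
SAMPLE_EDITED = SAMPLE_DEFAULT.replace(b"<string>user</string>",
                                       b"<string>allow</string>")


def audit_taskport(plist_bytes):
    """Classify the taskport right as 'open', 'restricted', 'review' or 'missing'."""
    try:
        policy = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed or truncated policy file
        return ("review", f"cannot parse policy: {exc}")
    rights = policy.get("rights", {}) if isinstance(policy, dict) else {}
    right = rights.get(RIGHT)
    if not isinstance(right, dict):
        return ("missing", f"{RIGHT} is not defined")
    cls = right.get("class")
    if cls == "allow":
        # Matches the warning in the thread: any program may use task_for_pid.
        return ("open", "any program on the system may use task_for_pid")
    if cls == "user" and right.get("group"):
        return ("restricted", f"limited to group {right['group']}")
    return ("review", f"unrecognised class {cls!r}; inspect by hand")


if __name__ == "__main__":
    for name, doc in (("default", SAMPLE_DEFAULT), ("edited", SAMPLE_EDITED)):
        print(name, *audit_taskport(doc))
```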