[lldb-dev] [OS X] debugserver SETUID root?

[Jim Ingham via lldb-dev]

> On Sep 1, 2016, at 2:01 AM, René J.V. Bertin via lldb-dev <lldb-dev at lists.llvm.org> wrote:
> 
> Hi,
> 
> MacPorts has long had ports for llvm and clang which are very practical. Ports for lldb have been missing until now, so I've been trying to create one based on the existing clang port. That wasn't particularly difficult, except (who'd guess) for the codesigning bit.
> 
> Two questions: 
> 
> - to what extent is it indeed (still) required to reboot after each attempt to (re)sign an executable? It doesn't appear to be the case for applications that just need to accept internet connections, for instance.

You don't have to reboot after every attempt to sign an executable.  You only have to reboot after making the code signing identity and, doing the little command line trick to get the system to accept it.  That still seems necessary, but then once you've done that you can keep using that identity either till it expires or you reinstall your OS.

> - does the debugserver application do anything which makes it a really bad idea to make it SETUID root?
> 

Apple goes to pretty great lengths to limit the harm a debugger can do as an attack vector.  With SIP on, being root gives you many fewer permissions w.r.t. debugging than you might think, so I don't actually think this would help much.  Suggesting people turn SIP off to use your debugger build seems like a bad idea to me.

> And a bonus question: has it ever been tried to sign the debugserver file with the ad hoc identity ("-")? That identity works for accepting internet connections (= once signed like that applications no longer put up the deny/allow connection dialog each time they're started).

I doubt that would work.

Jim 

> 
> Thanks,
> René
> _______________________________________________
> lldb-dev mailing list
> lldb-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-dev