Hi all,
So I'm trying to build debugserver for OS X. I followed all the steps in code_signing.txt and was able to get a debugserver binary.
When I run lldb using this binary, I get a dialog asking for 'Developer Tools Access' in order to run it. If I enter my password this works fine. (although I'm not sure if it sticks over a reboot)
-However- if I try and SSH into this machine and run it from there, it fails ("initial process state wasn't stopped"). I believe this is because the permissions dialog only applies to the current session, so the SSH shell doesn't inherit it (and can't open a GUI to ask me).
So, what is the process needed to permanently grant permissions for the debugserver binary? I can make it work by changing the owner of the file to root/wheel and setting the setuid bit, but I'm not sure if this is the right solution.
Richard,
try
–
$ sudo DevToolsSecurity -enable
–
Sean
To permanently allow, edit “/etc/authorization” and change the value of the “system.privilege.taskport” key to “allow” (if I remember correctly). Be careful though, as this will allow any program on the system to use task_for_pid. I think you can further play with this to allow only a specific user or group but I haven’t tried it yet.
To allow the use of task_for_pid only for the current SSH session use:
security authorize -l -c system.privilege.taskport
Right, I'm just trying to understand how Apple's works without such things.
Or actually, does it? I just tried sshing using the stock lldb/debugserver, and that doesn't work either.
Well I guess that answers that... 
Richard Mitton
richard@codersnotes.com
Right, I'm just trying to understand how Apple's works without such things.
Because the debugserver binary is code signed by Apple in Xcode releases.
Or actually, does it? I just tried sshing using the stock lldb/debugserver, and that doesn't work either.
You still do have to authorize debugging. If you are logged into your machine, you will do this via a dialog box, otherwise you can do it via the command line:
sudo DevToolsSecurity -enable
I would avoid editing the “/etc/authorization” if you can avoid it as it will open security holes on your machine.
Greg
Thanks,
For what it's worth, I had 'sudo DevToolsSecurity -enable' enabled from the ssh window, but it still would not work.
setuid on the debugserver binary seems to be working well for me, and looks like the safest route for now.
Richard Mitton
richard@codersnotes.com
Another way to get around this is to run debugserver as root (“sudo debugserver …”)