<p>Just make sure that noone but you can talk to gdbserver. Does it have some authentication mechanism? </p>
<div class="gmail_quote">On Feb 28, 2012 1:12 AM, "ik" <<a href="mailto:idokan@gmail.com">idokan@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Mon, Feb 27, 2012 at 12:43, guy keren <<a href="mailto:guy.choo.keren@gmail.com">guy.choo.keren@gmail.com</a>> wrote:<br>
> On 02/27/2012 12:33 PM, ik wrote:<br>
>><br>
>> Hello,<br>
>><br>
>> I have a program that I write that uses user-space libraries that talk<br>
>> with kernel space, and I use an IDE for the development and debugging.<br>
>><br>
>> The program requires to run as super user, but I do not want to run<br>
>> the whole IDE itself as super user, only gdb for this specific<br>
>> project, but the IDE<br>
>> does not allow me to do something like: /usr/bin/kdesu /usr/bin/gdb ...<br>
>> I also do not wish to provide suid to root, and allow every one to use<br>
>> gdb as root.<br>
>><br>
>> Beside executing gdb myself with sudo, how would you recommend me to<br>
>> elevate user privileges for gdb on such case ?<br>
><br>
><br>
> a few options:<br>
><br>
><br>
> 1. write a program called "gdb" that only your user has access to. put it in<br>
> your PATH before the locatinof the real gdb. this new "gdb" program will be<br>
> a small suid C program that runs the real gdb. if your IDE looks for gdb in<br>
> the path, rather then with a full path, it will work.<br>
><br>
> 2. make a second copy of the gdb binary that only your can access - and make<br>
> it suid root. put it in your path before the original gdb.<br>
><br>
> 3. check if your IDE is able to use the gdb client-server model. if it can -<br>
> you can run your program externally using the gdb server - and make your ide<br>
> use a gdb-client. i didn't check if the gdb client can run as a normal user<br>
> - but assuming the communiation is done over sockets - it can work. make<br>
> sure that the socket is not accessible outside your machine, and you can add<br>
> firewall rules that will only allow your user to connect to the relevant<br>
> socket.<br>
<br>
I'm going to use gdbserver. Thank you very much guys<br>
<br>
><br>
> --guy<br>
><br>
<br>
Ido<br>
<br>
><br>
> _______________________________________________<br>
> Linux-il mailing list<br>
> <a href="mailto:Linux-il@cs.huji.ac.il">Linux-il@cs.huji.ac.il</a><br>
> <a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a><br>
<br>
_______________________________________________<br>
Linux-il mailing list<br>
<a href="mailto:Linux-il@cs.huji.ac.il">Linux-il@cs.huji.ac.il</a><br>
<a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a><br>
</blockquote></div>