elevate gdb privileges
guy keren
guy.choo.keren at gmail.com
Mon Feb 27 12:43:29 IST 2012
On 02/27/2012 12:33 PM, ik wrote:
> Hello,
>
> I have a program that I write that uses user-space libraries that talk
> with kernel space, and I use an IDE for the development and debugging.
>
> The program requires to run as super user, but I do not want to run
> the whole IDE itself as super user, only gdb for this specific
> project, but the IDE
> does not allow me to do something like: /usr/bin/kdesu /usr/bin/gdb ...
> I also do not wish to provide suid to root, and allow every one to use
> gdb as root.
>
> Beside executing gdb myself with sudo, how would you recommend me to
> elevate user privileges for gdb on such case ?
a few options:
1. write a program called "gdb" that only your user has access to. put
it in your PATH before the locatinof the real gdb. this new "gdb"
program will be a small suid C program that runs the real gdb. if your
IDE looks for gdb in the path, rather then with a full path, it will work.
2. make a second copy of the gdb binary that only your can access - and
make it suid root. put it in your path before the original gdb.
3. check if your IDE is able to use the gdb client-server model. if it
can - you can run your program externally using the gdb server - and
make your ide use a gdb-client. i didn't check if the gdb client can run
as a normal user - but assuming the communiation is done over sockets -
it can work. make sure that the socket is not accessible outside your
machine, and you can add firewall rules that will only allow your user
to connect to the relevant socket.
--guy
More information about the Linux-il
mailing list