elevate gdb privileges

[ik]

On Mon, Feb 27, 2012 at 12:43, guy keren <guy.choo.keren at gmail.com> wrote:
> On 02/27/2012 12:33 PM, ik wrote:
>>
>> Hello,
>>
>> I have a program that I write that uses user-space libraries that talk
>> with kernel space, and I use an IDE for the development and debugging.
>>
>> The program requires to run as super user, but I do not want to run
>> the whole IDE itself as super user, only gdb for this specific
>> project, but the IDE
>> does not allow me to do something like: /usr/bin/kdesu /usr/bin/gdb ...
>> I also do not wish to provide suid to root, and allow every one to use
>> gdb as root.
>>
>> Beside executing gdb myself with sudo, how would you recommend me to
>> elevate user privileges for gdb on such case ?
>
>
> a few options:
>
>
> 1. write a program called "gdb" that only your user has access to. put it in
> your PATH before the locatinof the real gdb. this new "gdb" program will be
> a small suid C program that runs the real gdb. if your IDE looks for gdb in
> the path, rather then with a full path, it will work.
>
> 2. make a second copy of the gdb binary that only your can access - and make
> it suid root. put it in your path before the original gdb.
>
> 3. check if your IDE is able to use the gdb client-server model. if it can -
> you can run your program externally using the gdb server - and make your ide
> use a gdb-client. i didn't check if the gdb client can run as a normal user
> - but assuming the communiation is done over sockets - it can work. make
> sure that the socket is not accessible outside your machine, and you can add
> firewall rules that will only allow your user to connect to the relevant
> socket.

I'm going to use gdbserver. Thank you very much guys

>
> --guy
>

Ido

>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il