elevate gdb privileges

elevate gdb privileges

Amos Shapira amos.shapira at gmail.com
Mon Feb 27 22:06:21 IST 2012 

Just make sure that noone but you can talk to gdbserver. Does it have some
authentication mechanism?
On Feb 28, 2012 1:12 AM, "ik" <idokan at gmail.com> wrote:

> On Mon, Feb 27, 2012 at 12:43, guy keren <guy.choo.keren at gmail.com> wrote:
> > On 02/27/2012 12:33 PM, ik wrote:
> >>
> >> Hello,
> >>
> >> I have a program that I write that uses user-space libraries that talk
> >> with kernel space, and I use an IDE for the development and debugging.
> >>
> >> The program requires to run as super user, but I do not want to run
> >> the whole IDE itself as super user, only gdb for this specific
> >> project, but the IDE
> >> does not allow me to do something like: /usr/bin/kdesu /usr/bin/gdb ...
> >> I also do not wish to provide suid to root, and allow every one to use
> >> gdb as root.
> >>
> >> Beside executing gdb myself with sudo, how would you recommend me to
> >> elevate user privileges for gdb on such case ?
> >
> >
> > a few options:
> >
> >
> > 1. write a program called "gdb" that only your user has access to. put
> it in
> > your PATH before the locatinof the real gdb. this new "gdb" program will
> be
> > a small suid C program that runs the real gdb. if your IDE looks for gdb
> in
> > the path, rather then with a full path, it will work.
> >
> > 2. make a second copy of the gdb binary that only your can access - and
> make
> > it suid root. put it in your path before the original gdb.
> >
> > 3. check if your IDE is able to use the gdb client-server model. if it
> can -
> > you can run your program externally using the gdb server - and make your
> ide
> > use a gdb-client. i didn't check if the gdb client can run as a normal
> user
> > - but assuming the communiation is done over sockets - it can work. make
> > sure that the socket is not accessible outside your machine, and you can
> add
> > firewall rules that will only allow your user to connect to the relevant
> > socket.
>
> I'm going to use gdbserver. Thank you very much guys
>
> >
> > --guy
> >
>
> Ido
>
> >
> > _______________________________________________
> > Linux-il mailing list
> > Linux-il at cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20120228/637b8a89/attachment.html>

More information about the Linux-il mailing list