On 02/27/2012 12:33 PM, ik wrote:
Hello,
I have a program that I write that uses user-space libraries that talk
with kernel space, and I use an IDE for the development and debugging.
The program requires to run as super user, but I do not want to run
the whole IDE itself as super user, only gdb for this specific
project, but the IDE
does not allow me to do something like: /usr/bin/kdesu /usr/bin/gdb ...
I also do not wish to provide suid to root, and allow every one to use
gdb as root.
Beside executing gdb myself with sudo, how would you recommend me to
elevate user privileges for gdb on such case ?
a few options:
1. write a program called "gdb" that only your user has access to. put
it in your PATH before the locatinof the real gdb. this new "gdb"
program will be a small suid C program that runs the real gdb. if your
IDE looks for gdb in the path, rather then with a full path, it will work.
2. make a second copy of the gdb binary that only your can access - and
make it suid root. put it in your path before the original gdb.
3. check if your IDE is able to use the gdb client-server model. if it
can - you can run your program externally using the gdb server - and
make your ide use a gdb-client. i didn't check if the gdb client can run
as a normal user - but assuming the communiation is done over sockets -
it can work. make sure that the socket is not accessible outside your
machine, and you can add firewall rules that will only allow your user
to connect to the relevant socket.
--guy
_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
