Just make sure that noone but you can talk to gdbserver. Does it have some authentication mechanism? On Feb 28, 2012 1:12 AM, "ik" <ido...@gmail.com> wrote:
> On Mon, Feb 27, 2012 at 12:43, guy keren <guy.choo.ke...@gmail.com> wrote: > > On 02/27/2012 12:33 PM, ik wrote: > >> > >> Hello, > >> > >> I have a program that I write that uses user-space libraries that talk > >> with kernel space, and I use an IDE for the development and debugging. > >> > >> The program requires to run as super user, but I do not want to run > >> the whole IDE itself as super user, only gdb for this specific > >> project, but the IDE > >> does not allow me to do something like: /usr/bin/kdesu /usr/bin/gdb ... > >> I also do not wish to provide suid to root, and allow every one to use > >> gdb as root. > >> > >> Beside executing gdb myself with sudo, how would you recommend me to > >> elevate user privileges for gdb on such case ? > > > > > > a few options: > > > > > > 1. write a program called "gdb" that only your user has access to. put > it in > > your PATH before the locatinof the real gdb. this new "gdb" program will > be > > a small suid C program that runs the real gdb. if your IDE looks for gdb > in > > the path, rather then with a full path, it will work. > > > > 2. make a second copy of the gdb binary that only your can access - and > make > > it suid root. put it in your path before the original gdb. > > > > 3. check if your IDE is able to use the gdb client-server model. if it > can - > > you can run your program externally using the gdb server - and make your > ide > > use a gdb-client. i didn't check if the gdb client can run as a normal > user > > - but assuming the communiation is done over sockets - it can work. make > > sure that the socket is not accessible outside your machine, and you can > add > > firewall rules that will only allow your user to connect to the relevant > > socket. > > I'm going to use gdbserver. Thank you very much guys > > > > > --guy > > > > Ido > > > > > _______________________________________________ > > Linux-il mailing list > > Linux-il@cs.huji.ac.il > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > _______________________________________________ > Linux-il mailing list > Linux-il@cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >
_______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
