How to debug a program that needs to run as root from gdb (Eclipse) as a user (set gdb suid root?)

Posted 2024-09-13 11:49:36 · 592 words · 5 views · 0 comments

I need to debug a program on Linux with Eclipse (gdb). The program runs as root and is quite large. The binary with debug symbols is about 250MB large and has more than 60 running threads after startup.

I'm thinking about the best solution:

  1. Use gdbserver
  2. Run Eclipse as root
  3. Set gdb suid

I think number 1 (gdbserver) would be the best solution, unfortunately it's not working reliably. The connection between gdb and gdbserver is lost. I think there is a problem with the huge amount of data transferred between eclipse <-> gdb <-> gdbserver.

Number 2 (run eclipse as root) means to run every process as root and so interferes also with the version control system, because the Eclipse plugin would use the root user instead of mine to change version-controlled files.

I didn't try number 3 (suid gdb). What do you think about it? Does it work at all?
I'm aware that a suid root gdb is as safe as having no root password at all, but the machine is used for development and debugging by me only. And of course there could be an "enable/disable" script that sets the suid bit only when necessary.

Do you have any other suggestions?

Comments (2)

疯了 2024-09-20 11:49:36

The less intrusive approach (no need to mess with suid) is to configure yourself to run gdb as root in /etc/sudoers and then just run:

sudo xauth merge ~/.Xauthority

sudo gdb

where the first command is needed to allow root to open a connection to the X server

疯狂的代价 2024-09-20 11:49:36

Either 1) or 3) sound like fine solutions.

The amount of gdb<->gdbserver traffic is never very large. A lost connection implies you are not using a reliable transport protocol (which connection protocol are you using? have you tried a local socket?), or a bug in your version of gdb/gdbserver (which version is it?)

You may also consider 4: change the program to not require root permissions in the first place. Any large program will have bugs. Bugs + suid-root => OWND machine. Presumably you'll ship this program to your customers. If they suffer OWND machine, they can go after you for damages.

Usually there is only a very small set of operations which truly require root permissions, and such operations (if sufficiently infrequent) are best performed by a "helper binary" (which is suid-root, but which doesn't run all the time, and is small => less likely to have bugs).
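
The helper-binary split suggested in the answer above, sketched as an added example that is not part of the original answer or of any project mentioned on this page. It assumes the only privileged operation is binding one low TCP port; the name `bindhelper`, the port allow-list and the fd 3 convention are hypothetical.

```c
/* Added example: hypothetical suid-root helper "bindhelper" (not from the page).
 * Assumption: binding one low TCP port is the only operation needing root. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Accept only a digit string whose value is on the fixed allow-list. */
int parse_allowed_port(const char *s) {
    static const long allowed[] = {80, 443};      /* constructed policy */
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0') return -1;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (v == allowed[i]) return (int)v;
    return -1;
}

/* Permanently drop to the invoking user's real uid/gid; 0 on success. */
int drop_privileges(void) {
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (setgid(gid) != 0) return -1;              /* group first, while still root */
    if (setuid(uid) != 0) return -1;              /* as root this also resets the saved uid */
    if (uid != 0 && setuid(0) == 0) return -1;    /* regaining root must fail */
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

int main(int argc, char **argv) {
    if (argc < 3) { fprintf(stderr, "usage: %s PORT PROGRAM [ARGS]\n", argv[0]); return 2; }
    int port = parse_allowed_port(argv[1]);
    if (port < 0) { fprintf(stderr, "port not allowed\n"); return 2; }
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons((uint16_t)port),
                             .sin_addr.s_addr = htonl(INADDR_ANY) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&a, sizeof a) != 0) { perror("bind"); return 1; }
    if (drop_privileges() != 0) { fprintf(stderr, "cannot drop privileges\n"); return 1; }
    if (fd != 3 && dup2(fd, 3) < 0) { perror("dup2"); return 1; }
    execvp(argv[2], &argv[2]);                    /* runs unprivileged, socket on fd 3 */
    perror("execvp");
    return 1;
}
```

With this split the large program starts as the ordinary user and calls `listen()` on the inherited fd 3, so gdb can attach to it without root.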
