Original URL: http://stackoverflow.com/questions/3422288/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Howto debug program that needs to run as root from gdb (Eclipse) as user (set gdb suid root?)
Asked by IanH
I need to debug a program on Linux with Eclipse (gdb). The program runs as root and is quite large. The binary with debug symbols is about 250MB large and has more than 60 running threads after startup.
I'm thinking about the best solution:
1. Use gdbserver
2. Run Eclipse as root
3. Set gdb suid
I think number 1 (gdbserver) would be the best solution, unfortunately it's not working reliably. The connection between gdb and gdbserver is lost. I think there is a problem with the huge amount of data transferred between Eclipse <-> gdb <-> gdbserver.
Number 2 (run eclipse as root) means to run every process as root and so interferes also with the version control system, because the Eclipse plugin would use the root user instead of mine to change version-controlled files.
I didn't try number 3 (suid gdb). What do you think about it? Does it work at all? I'm aware that a suid root gdb is as safe as having no root-Password at all, but the machine is used for development and debugging by me only. And of course there could be an "enable/disable" script that sets the suid bit only when necessary.
Do you have any other suggestions?
Answer by necode
The less intrusive option (no need to mess with suid) is to configure yourself to run gdb as root in /etc/sudoers and then just run:
sudo xauth merge ~/.Xauthority
sudo gdb
where the first command is needed to allow root to open a connection to the X server.
Answer by Employed Russian
Either 1) or 3) sound like fine solutions.
The amount of gdb<->gdbserver traffic is never very large. Lost connection implies you are not using a reliable transport protocol (which connection protocol are you using? have you tried local socket?), or a bug in your version of gdb/gdbserver (which version is it?).
You may also consider 4: change the program to not require root permissions in the first place. Any large program will have bugs. Bugs + suid-root => OWND machine. Presumably you'll ship this program to your customers. If they suffer OWND machine, they can go after you for damages.
Usually there is only a very small set of operations which truly require root permissions, and such operations (if sufficiently infrequent) are best performed by a "helper binary" (which is suid-root, but which doesn't run all the time, and is small => less likely to have bugs).
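The helper-binary idea from the last answer, as an added example that is not part of the original post or any project's code: a small setuid-root launcher performs the one privileged step, permanently drops root, then starts the large program as the invoking user, so gdb can attach to it without root. The privileged operation (binding a loopback TCP port below 1024) and the convention of handing the socket over as fd 3 are assumptions chosen for illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Strictly parse a privileged TCP port (1..1023); -1 on any malformed input. */
int parse_port(const char *s) {
    char *end;
    long v;
    if (s == NULL || *s < '0' || *s > '9') return -1;   /* no sign, no blanks */
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 1 || v > 1023) return -1;
    return (int)v;
}

/* Permanently return to the invoking user. In a setuid-root binary the real
 * uid/gid and supplementary groups are still the caller's, so only the
 * effective and saved ids need resetting. Group first, while still root. */
int drop_privileges(void) {
    if (setgid(getgid()) != 0) return -1;
    if (setuid(getuid()) != 0) return -1;
    if (getuid() != 0 && setuid(0) == 0) return -1;     /* root must be gone */
    return 0;
}

int main(int argc, char **argv) {
    struct sockaddr_in addr;
    int port, fd;
    if (argc < 3 || (port = parse_port(argv[1])) < 0) {
        fprintf(stderr, "usage: %s <port 1-1023> <program> [args...]\n", argv[0]);
        return 2;
    }
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons((unsigned short)port);
    fd = socket(AF_INET, SOCK_STREAM, 0);
    /* The single privileged step: bind a port below 1024. */
    if (fd < 0 || bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0) { perror("bind"); return 1; }
    if (drop_privileges() != 0) { perror("drop_privileges"); return 1; }
    if (fd != 3 && (dup2(fd, 3) < 0 || close(fd) != 0)) { perror("dup2"); return 1; }
    execvp(argv[2], &argv[2]);  /* hypothetical main program, now unprivileged */
    perror("execvp");
    return 1;
}
```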