tags:

views:

83

answers:

1
Q: 

Howto debug program that needs to run as root from gdb (Eclipse) as user (set gdb suid root?)

I need to debug a program on Linux with Eclipse (gdb). The program run as root and is quite large. The binary with debug symbols is about 250MB large and has more than 60 running threads after startup.

I'm thinking about the best solution:

  1. Use gdbserver
  2. Run Eclipse as root
  3. Set gdb suid

I think number 1 (gdbserver) would be the best solution, unfortunately it's not working reliable. The connection between gdb and gdbserver is lost. I think there is a problem with the huge amount of data transferred between eclipse <-> gdb <-> gdbserver.

Number 2 (run eclipse as root) means to run every process as root and so interferes also with the version control system, because the Eclipse plugin would use the root user instead of mine to change version-controlled files.

I didn't try number 3 (suid gdb). What do you think about it? Does it work at all? I'm aware that a suid root gdb is as safe as having no root-Password at all, but the machine is used for development and debugging by me only. And of course there could be an "enable/disable" script that sets the suid bit only when necessary.

Do you have any other suggestions?

A: 

Either 1) or 3) sound like fine solutions.

The amount of gdb<->gdbserver traffic is never very large. Lost connection implies you are not using reliable transport protocol (which connection protocol are you using? have you tried local socket?), or a bug in your version of gdb/gdbserver (which version is it?)

You may also consider 4: change the program to not require root permissions in the first place. Any large program will have bugs. Bugs + suid-root => OWND machine. Presumably you'll ship this program to your customers. If they suffer OWND machine, they can go after you for damages.

Usually there is only a very small set of operations which truly require root permissions, and such operations (if sufficiently infrequent) are best performed by a "helper binary" (which is suid-root, but which doesn't run all the time, and is small => less likely to have bugs).

Employed Russian  2010-08-06 16:41:34
The term "lost connection" was not right, it looks more like a synchronization problem. There are strange errors in the gdbserver protocol.
IanH  2010-08-08 12:28:25

related questions

Exposing a remote interface or object model.
Rolling back bad changes with svn in Eclipse
Prevent SWT scrolledComposite from eating part of it's children
Can't create a subversion repository with Eclipse 3.4.0, svn 1.5.1
Do Java multi-line comments account for strings?
Testing a client-server application
Best GUI designer for eclipse?
vim commands in Eclipse
Eclipse 3.2.2 content assist not finding classes in the project
Cannot add a launch shortcut (Eclipse Plug-in)
eclipse javascript editor
Libraries for pretty charts in SWT?
Drag and Drop an Email from MS Outlook to Eclipse RCP
Useful Eclipse features?
What tools do you use to develop C++ applications on Linux?
Map VS2008 keyboard shortcuts to Eclipse
Android Development
How to setup Groovy + Eclipse + Junit4 ?
Can I script FlexBuilder without writing an extension?
I would like a recommendation for a book on Eclipse's Rich Client Platform (RCP).
Eclipse : Class file name must end with .class exception in Java Search
Eclipse on win64
Do you have any recommended plugins for Eclipse?
How can I unit test Flex applications from within the IDE or a build script?
How can you get Subclipse in Aptana to work with the newest release of Subversion?