Mirror of the gdb-patches mailing list
From: Tristan Gingold <gingold@adacore.com>
To: gdb-patches ml <gdb-patches@sourceware.org>
Subject: [RFA-Darwin]: Add an info key in darwin executable
Date: Mon, 05 Oct 2009 12:22:00 -0000
Message-ID: <ED3E12A2-89A5-4C15-A2D0-EF314C8A404C@adacore.com>

Hi,

Special authorizations are required to run gdb on Darwin.  Making gdb
setgid procmod is required for Tiger, but later OS versions may need a
code signature.  Signing an executable requires keys info in the binary.
This patch adds these keys.

I think we should let the user or the system administrator sign the
executable themselves, as we can't create and publish a certificate.

Tristan.


2009-10-05  Tristan Gingold  <gingold@adacore.com>

	* darwin-nat.c: Add __TEXT __info_plist content.
	(darwin_attach_pid): Update error message.

diff --git a/gdb/darwin-nat.c b/gdb/darwin-nat.c
index 237c465..daa9df9 100644
--- a/gdb/darwin-nat.c
+++ b/gdb/darwin-nat.c
@@ -147,6 +147,34 @@ static struct inferior *darwin_inf_fake_stop;
  /* This controls output of inferior debugging.  */
  static int darwin_debug_flag = 0;

+/* Create a __TEXT __info_plist section in the executable so that gdb  
could
+   be signed.  This is required to get an authorization for  
task_for_pid.
+
+   Once gdb is built, you can either:
+   * make it setgid procmod
+   * or codesign it with any system-trusted signing authority.
+   See taskgated(8) for details.  */
+static const unsigned char info_plist[]
+__attribute__ ((section ("__TEXT,__info_plist"),used)) =
+  "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+  "<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\""
+  " \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n"
+  "<plist version=\"1.0\">\n"
+  "<dict>\n"
+  "  <key>CFBundleIdentifier</key>\n"
+  "  <string>org.gnu.gdb</string>\n"
+  "  <key>CFBundleName</key>\n"
+  "  <string>gdb</string>\n"
+  "  <key>CFBundleVersion</key>\n"
+  "  <string>1.0</string>\n"
+  "  <key>SecTaskAccess</key>\n"
+  "  <array>\n"
+  "    <string>allowed</string>\n"
+  "    <string>debug</string>\n"
+  "  </array>\n"
+  "</dict>\n"
+  "</plist>\n";
+
  static void
  inferior_debug (int level, const char *fmt, ...)
  {
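
Review bot: the comment above info_plist says the section exists so that gdb can be signed, but it does not say which of the four keys is tied to the task_for_pid authorization. A sentence stating that the SecTaskAccess array ("allowed", "debug") is the entry that matters, and that the CFBundle* keys only identify the binary, would tell a maintainer what can be edited safely. Two smaller points in the same hunk: CFBundleVersion is hard-coded to "1.0" and will not follow gdb's version, so either derive it from the build or say in the comment that the value is a placeholder; and GNU formatting wants a space after the comma in (section ("__TEXT,__info_plist"),used).
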
@@ -1323,7 +1351,7 @@ darwin_attach_pid (struct inferior *inf)
  	}

        error (_("Unable to find Mach task port for process-id %d: %s  
(0x%lx).\n"
-	       " (please check gdb is setgid procmod)"),
+	       " (please check gdb is codesigned - see taskgated(8))"),
               inf->pid, mach_error_string (kret), (unsigned long)  
kret);
      }
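
Review bot: the new hint in darwin_attach_pid drops setgid procmod entirely, while the comment added in the first hunk still lists it as one of the two valid setups. A user on a system where setgid procmod is the applicable route now gets a message that points only at codesigning. Suggest wording that names both, for example " (please check gdb is codesigned or setgid procmod - see taskgated(8))".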


