From: Tristan Gingold
To: gdb-patches ml
Subject: [RFA-Darwin]: Add an info key in darwin executable
Date: Mon, 05 Oct 2009 12:22:00 -0000

Hi,

special authorizations are required to run gdb on Darwin. Making gdb setgid procmod is required for Tiger but later OS versions may need a code signature. Signing an executable requires keys info in the binary. This patch adds these keys.

I think we should let the user or the system administrator sign the executable themselves, as we can't create and publish a certificate.

Tristan.

2009-10-05  Tristan Gingold

	* darwin-nat.c: Add __TEXT __info_plist content.
	(darwin_attach_pid): Update error message.

diff --git a/gdb/darwin-nat.c b/gdb/darwin-nat.c index 237c465..daa9df9 100644 --- a/gdb/darwin-nat.c +++ b/gdb/darwin-nat.c 
@@ -147,6 +147,34 @@ static struct inferior *darwin_inf_fake_stop; /* This controls output of inferior debugging. */ static int darwin_debug_flag = 0; +/* Create a __TEXT __info_plist section in the executable so that gdb could + be signed. This is required to get an authorization for task_for_pid. + + Once gdb is built, you can either: + * make it setgid procmod + * or codesign it with any system-trusted signing authority. + See taskgated(8) for details. */ +static const unsigned char info_plist[] +__attribute__ ((section ("__TEXT,__info_plist"),used)) = + "\n" + "\n" + "\n" + "\n" + " CFBundleIdentifier\n" + " org.gnu.gdb\n" + " CFBundleName\n" + " gdb\n" + " CFBundleVersion\n" + " 1.0\n" + " SecTaskAccess\n" + " \n" + " allowed\n" + " debug\n" + " \n" + "\n" + "\n"; + static void inferior_debug (int level, const char *fmt, ...) { @@ -1323,7 +1351,7 @@ darwin_attach_pid (struct inferior *inf) } error (_("Unable to find Mach task port for process-id %d: %s (0x%lx).\n" - " (please check gdb is setgid procmod)"), + " (please check gdb is codesigned - see taskgated(8))"), inf->pid, mach_error_string (kret), (unsigned long) kret); }
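Review bot: In the first hunk, the info_plist initializer hard-codes CFBundleVersion as "1.0", so the embedded value will never track the gdb release that is actually built. Consider deriving it from gdb's version string, or add a line to the comment saying the value is a placeholder that taskgated does not interpret. The comment also tells the reader to "codesign it with any system-trusted signing authority" without naming where the steps are documented; since the cover note leaves signing to the user or administrator, a pointer to a README or manual entry belongs next to the taskgated(8) reference.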
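Review bot: In the darwin_attach_pid hunk, the new hint "(please check gdb is codesigned - see taskgated(8))" drops the setgid procmod advice entirely, yet the comment added in the first hunk still lists setgid procmod as one of the two valid options and the cover note says it is what Tiger requires. A user on an older system who hits this error would be sent to the wrong fix. Suggest naming both, for example "(please check gdb is codesigned or setgid procmod - see taskgated(8))".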
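A check a packager could run on the built binary before signing it, as an added example that is not part of the original patch or of gdb: it parses a thin 64-bit Mach-O image, locates the `__TEXT,__info_plist` section the patch creates, and confirms that `SecTaskAccess` lists `debug`. The function names and the sample image are constructed for illustration; fat (universal) and 32-bit images are not handled.

```python
import plistlib
import struct

MH_MAGIC_64 = 0xFEEDFACF          # thin 64-bit little-endian Mach-O magic
LC_SEGMENT_64 = 0x19
# Constructed sample plist using the keys named in the patch.
SAMPLE_PLIST = plistlib.dumps({"CFBundleIdentifier": "org.gnu.gdb", "SecTaskAccess": ["allowed", "debug"]})

def cstr(raw):
    return raw.split(b"\0", 1)[0].decode("ascii")

def embedded_info_plist(macho):
    """Return the parsed __TEXT,__info_plist dict, or None if the section is absent."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", macho, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O image")
    off = 32                                      # sizeof(struct mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", macho, off)
        if cmdsize < 8 or off + cmdsize > len(macho):
            raise ValueError("malformed load command")
        if cmd == LC_SEGMENT_64:
            nsects = struct.unpack_from("<I", macho, off + 64)[0]
            for i in range(nsects):
                s = off + 72 + 80 * i             # section_64 entries follow the segment header
                sect, seg, _, size, foff = struct.unpack_from("<16s16sQQI", macho, s)
                if (cstr(seg), cstr(sect)) == ("__TEXT", "__info_plist"):
                    if foff + size > len(macho):
                        raise ValueError("section extends past end of file")
                    # A C string literal leaves its terminating NUL in the section.
                    return plistlib.loads(macho[foff:foff + size].rstrip(b"\0"))
        off += cmdsize
    return None

def allows_debug_task_access(macho):
    """True only if an embedded plist exists and SecTaskAccess contains 'debug'."""
    plist = embedded_info_plist(macho)
    return plist is not None and "debug" in plist.get("SecTaskAccess", [])

def build_sample(with_plist):
    """Constructed one-segment, one-section image; not a real gdb binary."""
    body = SAMPLE_PLIST + b"\0" if with_plist else b""
    name = b"__info_plist" if with_plist else b"__text"
    data_off = 32 + 72 + 80
    sect = struct.pack("<16s16sQQI7I", name, b"__TEXT", 0, len(body), data_off, *[0] * 7)
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 72 + 80, b"__TEXT", 0, 0, 0, data_off + len(body), 7, 5, 1, 0)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 1, len(seg) + len(sect), 0, 0)
    return hdr + seg + sect + body
```

On a real build, pass the bytes of the gdb executable to `allows_debug_task_access`; a `False` result means the section or the key is missing from that binary.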