Enable dtrace without sudo on Mac OS X?

Question

How do I enable users to use dtrace on Mac OS X. I am trying to do the equivalent of strace on Linux, and I don't like running applications with elevated privileges.

UPDATE

Ok, the best I can tell. The only way to keep a nefarious application from ruining the system by debugging it is to.

Attach to the process in a separate console
Use sudo twice

So that:

sudo dtruss sudo -u myusername potentially_harmful_app

I verified this with this short program:

#include <iostream>
#include <unistd.h>
int main()
{
  std::cout << "effective euid " << geteuid() << "\n";
}

See this discussion for more info:

http://discussions.apple.com/message.jspa?messageID=6430877

Juan · Accepted Answer · 2010-12-24T18:26:26.860

3

Please see my update above. This is a bad security hole if I've ever seen one. A proper implementation of dtruss should drop privileges of any program it invokes. Having several users on a system, one of them would be bound to mess this up and allow a badly written program to trash things.

edited Dec 24 '10 at 18:26

answered Dec 23 '10 at 01:33

Juan

245

score 1 · Answer 2 · answered Dec 23 '10 at 00:03

1

chmod 4755 dtrace as root

any time you run the program will run with root privileges

answered Dec 23 '10 at 00:03

silviud

2,735

score 1 · Answer 3 · answered Dec 23 '10 at 00:47

1

You can't have both. dtrace requires root privileges to talk to the kernel, so it either has to run with root privs (setuid) or by root.

answered Dec 23 '10 at 00:47

Brian Topping

145

Enable dtrace without sudo on Mac OS X?

3 Answers3