Remote Debugging for Authorization Plugins

Apple Recommended

  • Hey Quinn,

    I know the forum name changed again, but it's still me. This post really really really made my day!

    Thanks, Josh

Add a Comment

Replies

It would seem that SecurityAgent has some anti-debug protection in it now as I can't connect to the running instance with lldb.

Correct. In addition to the protection provided by SIP, it also calls PT_DENY_ATTACH (see the ptrace man page for more on that).

Any ideas?

Some thoughts:

  • As a (primarily) network developer, I think it’s unfair to characterise logging as “caveman debugging”. There are a bunch of problems that can only be solved that way, especially problems that are only reproducible in the field. When plugging in to odd parts of the system I recommend that you spend some time making sure your logging is up to scratch for exactly that reason. If that helps with your day-to-day debugging, all the better.

  • However, I recognise that there are some times when you want to just step through the code. I think it reasonable that macOS should support this for authorisation plug-ins, and I recommend you file a bug report along those lines.

    Please post your bug number, just for the record.

  • When confronted with this problem my usual approach is to build infrastructure such that I can test (and hence debug) the vast majority of my code in a normal runtime environment. This means that I only have to worry about debugging the differences between the real environment and my test environment, a much more limited problem.

  • In many cases logging is the right way to debug those differences. In the rare situations where it’s not, I created a nasty hack to get the debugger working. Alas, I can’t share that.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"

Hi Quinn,


No offence intended with the debugging remark! It just feels akward to not be able to use the debugger. If I'm ever able to file a radar (Access to bug reporter is broken case: 100373047075) I'll be sure to post my numbers on the remote debugging back here.


Thanks,

Josh

Hey Quinn,


I filed two related radars:

38755732 (Xcode has no way to Debug Authorization Plug-ins)

38756363 (Xcode Doesn't Support Remote Debugging on macOS)


Thanks!

Josh

  • Hey Quinn,

    I know the forum name changed again, but it's still me. This post really really really made my day!

    Thanks, Josh

Add a Comment