How do I enable users to use dtrace on Mac OS X. I am trying to do the equivalent of strace on Linux, and I don't like running applications with elevated privileges.
UPDATE
Ok, the best I can tell. The only way to keep a nefarious application from ruining the system by debugging it is to.
- Attach to the process in a separate console
- Use sudo twice
So that:
sudo dtruss sudo -u myusername potentially_harmful_app
I verified this with this short program:
#include <iostream>
#include <unistd.h>
int main()
{
std::cout << "effective euid " << geteuid() << "\n";
}
See this discussion for more info:
Please see my update above. This is a bad security hole if I've ever seen one. A proper implementation of dtruss should drop privileges of any program it invokes. Having several users on a system, one of them would be bound to mess this up and allow a badly written program to trash things.
chmod 4755 dtrace as root
any time you run the program will run with root privileges
You can't have both. dtrace requires root privileges to talk to the kernel, so it either has to run with root privs (setuid) or by root.