How to debug programs with "sudo" in VSCODE

Question

I am trying to debug a program in VSCODE. The program needs to be launched as root or with "sudo" on Ubuntu. What's the best way to achieve this? An example launch configuration would be helpful. Thanks.

Answer 1

I made it work by using pkexec as shown in the previous answers. There was just one catch. How to avoid it prompting for a password every time I run the debugger and at the same time have some kind of reasonable level of security.

I chose to use polkit to make pkexec stop asking for password only when gdb was used. It is also possible to make it ask for password the first time and then remember it, but i could not get that to work inside vscode (did not debug that much, so it might be possible).

Baiscally polkit is kind of a policy management kit used for when lower privileged applications tries to get higher level privileges. And pkexec can be configured with it. It should be present in most distributions.

How Create the file /usr/share/polkit-1/actions/freedesktop.policykit.pkexec.run-gdb.policy with the following content

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
  "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>

  <action id="org.freedesktop.policykit.pkexec.run-gdb">
    <description>Some Description</description>
    <message>Some Message</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gdb</annotate>
  </action>

</policyconfig>

This tells pkexec to stop asking for password when gdb is run as root.

The documentation for the xml file can be seen on the man pages https://linux.die.net/man/1/pkexec and on some random wiki page i found https://wiki.archlinux.org/title/Polkit

Answer 2

launch.json:

{
    "miDebuggerPath": "${workspaceFolder}/gdb_root.sh"
}

gdb_root.sh:

#!/bin/bash
SELF_PATH=$(realpath -s "$0")

if [[ "$SUDO_ASKPASS" = "$SELF_PATH" ]]; then
    zenity --password --title="$1"
else
    exec env SUDO_ASKPASS="$SELF_PATH" sudo -A /usr/bin/gdb $@
fi

chmod +x gdb_root.sh

main.c:

#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main()
{
    // accept signal from VSCode for pausing/stopping
    char *sudo_uid = getenv("SUDO_UID");
    if (sudo_uid)
        setresuid(0, 0, atoi(sudo_uid));

    printf("uid = %d\n", getuid());
}

Answer 3

Very easy way to solve this for golang is to:

$ sudo chown root:$(id -g) ~/go/bin/dlv
$ sudo chmod u+s ~/go/bin/dlv

This way dlv will be executed as root.

It is pretty much the same for other languages. ALlow the debugger to run as root instead of relying in other config files or wrappers.

Answer 4

This worked for java, but maybe for other languages too:

When first running a debug session, VSCode creates a terminal called e.g. Debug: Main. Just open the terminal, press Ctrl+C, typesudo su, enter your password and next time the debug session will be launched from this terminal with root privileges

Answer 5

I have been in a similar situation recently- I have solved it by adding {"sudo": true} in launch.json file under .vscode directory.

just added the following line in .vscode>launch.json

{
    "version": "0.2.0",
    "configurations": [
        {
            "other..." : "configs...",
            "request": "launch",
            "console": "integratedTerminal",
            "args": [
                "${file}"
            ],
            "sudo": true
        }
    ]
}

VS code version I'm using is -

Version: 1.49.1 OS: Ubuntu 16.04 LTS, 64-bit

This appears to not work on all languages. For me it worked for python 3.x Other users reported it doesn't work for C/C++.

Answer 6

As from the previous answers I had to use the method with a executable file in the home directory like: /home/youruser/gdbasroot

But I had to use the content:

sudo /usr/bin/gdb "$@"

instead of gdbk because I couldn't get gdbk to work without prompting for a password (which didnt work as its called by vscode remote debuger). I did it according this post (the upvoted and accepted answer):

https://askubuntu.com/questions/542397/change-default-user-for-authentication

When using sudo you can issue a sudo command in the vscode terminal and from then on you can use the "sudo debugger" without the password. Otherwise vscode gets prompted and can't handle it.

Greetings

Answer 7

My solution:

add /usr/bin/gdb to /etc/sudoers like here

add a executable file whose content is

sudo /usr/bin/gdb "$@"

set miDebuggerPath to the file

Answer 8

I did the following:

1. create a script called "gdb" in e.g. my home directory, containing: pkexec /usr/bin/gdb "$@"
2. make it executable
3. modify the launch.json in VSCode to call the script (obviously change username accordingly) by adding "miDebuggerPath":

...
            "externalConsole": false,
            "miDebuggerPath": "/home/<username>/gdb",
            "MIMode": "gdb",
...

4. whilst debugging, use top or such like to verify the process is running as root.

That should be enough.

Answer 9

Do not know the way to make vscode to run sudo gdb. But you can sudo to run vscode so natually you can sudo gdb for debug.

sudo code . --user-data-dir='.'