How to Allow debugserver Output #1297

Open
eopeter opened this issue Feb 21, 2024 · 5 comments

Comments


eopeter commented Feb 21, 2024

Running into a situation where, when I am running a debugger in IntelliJ in lockdown mode, the output gets blocked. I added a compiler rule as below for the debugserver binary, but no dice.

$ santactl fileinfo  /Library/Developer/CommandLineTools/Library/PrivateFrameworks/LLDB.framework/Versions/A/Resources/debugserver 
Path                   : /Library/Developer/CommandLineTools/Library/PrivateFrameworks/LLDB.framework/Versions/A/Resources/debugserver
SHA-256                : c7fe54274e6bda205aa0eda81d12b11216a8c080e0103e76cdcab7fae8ea3585
SHA-1                  : c40969d0aa732f19ca48580b9b6148c8c35c845a
Bundle Name            : debugserver
Bundle Version         : 2
Team ID                : 59GAB85EFG
Signing ID             : com.apple.debugserver
Type                   : Executable (arm64, x86_64, arm64e)
Code-signed            : Yes
Rule                   : Allowed (Compiler)
Signing Chain:
    1. SHA-256             : d84db96af8c2e60ac4c851a21ec460f6f84e0235beb17d24a78712b9b021ed57
       SHA-1               : efdbc9139dd98dbae5a9c7165a096511b15eaef9
       Common Name         : Software Signing
       Organization        : Apple Inc.
       Organizational Unit : Apple Software
       Valid From          : 2020/10/29 14:32:38 -0400
       Valid Until         : 2026/10/24 13:39:41 -0400

    2. SHA-256             : 5bdab1288fc16892fef50c658db54f1e2e19cf8f71cc55f77de2b95e051e2562
       SHA-1               : 1d010078a61f4fa4694aff4db1ac266ce1b45946
       Common Name         : Apple Code Signing Certification Authority
       Organization        : Apple Inc.
       Organizational Unit : Apple Certification Authority
       Valid From          : 2011/10/24 13:39:41 -0400
       Valid Until         : 2026/10/24 13:39:41 -0400

    3. SHA-256             : b0b1730ecbc7ff4505142c49f1295e6eda6bcaed7e2c68c5be91b5a11001f024
       SHA-1               : 611e5b662c593a08ff58d14ae22452d198df6c60
       Common Name         : Apple Root CA
       Organization        : Apple Inc.
       Organizational Unit : Apple Certification Authority
       Valid From          : 2006/04/25 17:40:36 -0400
       Valid Until         : 2035/02/09 16:40:36 -0500
pmarkowsky (Contributor) commented

@eopeter can you share the block log line? This is usually in /var/db/santa/santa.log if you're using text logs.

Also if there's a temporary file being generated by the debugserver can you share the fileinfo for that?

If you have EnableDebugLogging set to <true/> in your config profile, then the output from

sudo log stream --level debug --style compact --predicate 'sender == "com.google.santa.daemon"'

would also be helpful.

Also #1299 might help here.


eopeter commented Mar 8, 2024

@pmarkowsky this is the block log line:

[2024-03-08T21:32:59.120Z] I santad: action=EXEC|decision=DENY|reason=UNKNOWN|explain=Signature ignored due to error: -67062|sha256=af414908e47473f9aa1447541fe2198188d0db2ce798b806859f787669969156|pid=16571|pidversion=7889775|ppid=16570|uid=0|user=root|gid=0|group=wheel|mode=L|path=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main|args=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main
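
The block line above is in Santa's pipe-separated text log format. As an added example (not code from the Santa project or from anyone in this thread), here is a small Python parser that reads such lines, keeps only EXEC denials, groups them by sha256 and decodes the OSStatus carried in the explain field. The field names are taken from the line above; the sample input is the three DENY lines posted in this thread plus one constructed ALLOW line to show the filtering; the error-code table comes from Apple's CSCommon.h, where -67062 is errSecCSUnsigned.

```python
"""Summarise Santa EXEC denials from its text log.

Added example for this issue thread; not code from the Santa project.
It depends only on the log shape visible in the thread: a bracketed
timestamp, a level letter, "santad:" and then key=value pairs separated
by "|". Field names (action, decision, reason, explain, sha256, path,
args) are the ones present in the posted lines.
"""
import re

# "[2024-03-08T21:32:59.120Z] I santad: <pipe-separated fields>"
_PREFIX = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>\S)\s+santad:\s+(?P<body>.*)$")

# Security.framework code-signing OSStatus values that Santa reports in
# "explain=Signature ignored due to error: N". Values from Apple's CSCommon.h.
CS_ERRORS = {
    -67062: "errSecCSUnsigned: code object is not signed at all",
    -67061: "errSecCSSignatureFailed: invalid signature (code or signature have been modified)",
}

# Sample input: the three DENY lines posted in this thread (the poster redacted
# the user name as XXXX) plus one constructed ALLOW line to exercise the filter.
SAMPLE_LOG = """\
[2024-03-08T21:32:59.120Z] I santad: action=EXEC|decision=DENY|reason=UNKNOWN|explain=Signature ignored due to error: -67062|sha256=af414908e47473f9aa1447541fe2198188d0db2ce798b806859f787669969156|pid=16571|pidversion=7889775|ppid=16570|uid=0|user=root|gid=0|group=wheel|mode=L|path=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main|args=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main
[2024-03-08T21:49:36.208Z] I santad: action=EXEC|decision=DENY|reason=UNKNOWN|explain=Signature ignored due to error: -67062|sha256=af414908e47473f9aa1447541fe2198188d0db2ce798b806859f787669969156|pid=54767|pidversion=7967827|ppid=54766|uid=0|user=root|gid=0|group=wheel|mode=L|path=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main|args=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main
[2024-03-08T21:59:39.461Z] I santad: action=EXEC|decision=DENY|reason=UNKNOWN|explain=Signature ignored due to error: -67062|sha256=af414908e47473f9aa1447541fe2198188d0db2ce798b806859f787669969156|pid=75693|pidversion=8009807|ppid=75691|uid=0|user=root|gid=0|group=wheel|mode=L|path=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main|args=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main
[2024-03-08T22:00:00.000Z] I santad: action=EXEC|decision=ALLOW|reason=BINARY|sha256=0000000000000000000000000000000000000000000000000000000000000000|pid=1|pidversion=1|ppid=0|uid=501|user=dev|gid=20|group=staff|mode=L|path=/usr/bin/true|args=/usr/bin/true
"""


def parse_line(line):
    """Return a dict of fields for one santad line, or None for anything else.

    'args' is always the final field and may itself contain '|', so the text
    after the first '|args=' is kept verbatim instead of being split.
    """
    m = _PREFIX.match(line.strip())
    if not m:
        return None
    fields = {"timestamp": m.group("ts"), "level": m.group("level")}
    head, sep, args = m.group("body").partition("|args=")
    for kv in head.split("|"):
        key, eq, value = kv.partition("=")
        if eq:
            fields[key] = value
    if sep:
        fields["args"] = args
    return fields


def cs_error_code(explain):
    """Extract the signed OSStatus from 'Signature ignored due to error: -67062'."""
    m = re.search(r"error:\s*(-?\d+)", explain or "")
    return int(m.group(1)) if m else None


def summarize_denials(lines):
    """Group EXEC DENY events by sha256 with count, distinct paths and the
    decoded code-signing error, when the explain field carries one."""
    summary = {}
    for line in lines:
        f = parse_line(line)
        if f is None or f.get("action") != "EXEC" or f.get("decision") != "DENY":
            continue
        entry = summary.setdefault(f.get("sha256"), {
            "count": 0, "paths": set(), "reason": f.get("reason"),
            "explain": f.get("explain"), "cs_error": None,
        })
        entry["count"] += 1
        entry["paths"].add(f.get("path"))
        code = cs_error_code(f.get("explain"))
        if code is not None:
            entry["cs_error"] = (code, CS_ERRORS.get(code, "unknown OSStatus"))
    return summary


if __name__ == "__main__":
    for sha256, e in summarize_denials(SAMPLE_LOG.splitlines()).items():
        print(f"{sha256}  denied {e['count']}x  reason={e['reason']}")
        for p in sorted(e["paths"]):
            print(f"  path: {p}")
        if e["cs_error"]:
            print(f"  code-signing error {e['cs_error'][0]}: {e['cs_error'][1]}")
```

Run as-is, the three posted lines collapse into one entry for the ___main binary with the error decoded as errSecCSUnsigned; on a real host, feed `summarize_denials` the lines of /var/db/santa/santa.log. The decoded code is the practical detail here: a binary with no signature at all has no signing ID, Team ID or certificate for a rule to match, so it can only be allowed by its sha256, by a path scope, or transitively through a compiler rule on the process that wrote it.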


eopeter commented Mar 8, 2024

For the following log line:
[2024-03-08T21:49:36.208Z] I santad: action=EXEC|decision=DENY|reason=UNKNOWN|explain=Signature ignored due to error: -67062|sha256=af414908e47473f9aa1447541fe2198188d0db2ce798b806859f787669969156|pid=54767|pidversion=7967827|ppid=54766|uid=0|user=root|gid=0|group=wheel|mode=L|path=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main|args=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main
I got the following log stream output around the same time:

2024-03-08 16:49:36.004 Df com.google.santa.daemon[398:a07a6d] D com.google.santa.daemon: Watching compiler pid=54763
2024-03-08 16:49:59.660 Df com.google.santa.daemon[398:a08476] D com.google.santa.daemon: No changes to set of watched paths


eopeter commented Mar 8, 2024

2024-03-08 16:58:10.815 Df com.google.santa.daemon[398:a12cb3] I com.google.santa.daemon: Flushing caches
2024-03-08 16:59:39.252 Df com.google.santa.daemon[398:a14ee5] D com.google.santa.daemon: Watching compiler pid=75687
2024-03-08 16:59:59.666 Df com.google.santa.daemon[398:a15750] D com.google.santa.daemon: No changes to set of watched paths.

happened with:

[2024-03-08T21:59:39.461Z] I santad: action=EXEC|decision=DENY|reason=UNKNOWN|explain=Signature ignored due to error: -67062|sha256=af414908e47473f9aa1447541fe2198188d0db2ce798b806859f787669969156|pid=75693|pidversion=8009807|ppid=75691|uid=0|user=root|gid=0|group=wheel|mode=L|path=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main|args=/Users/XXXX/Library/Caches/JetBrains/Idea/tmp/GoLand/___main

The stream log entries only happen after the cache is flushed, not on every DENY.


eopeter commented Mar 29, 2024

@pmarkowsky do these logs provide any insight?
