vscode-pythonCpp icon indicating copy to clipboard operation
vscode-pythonCpp copied to clipboard

Published 20 hours ago verified publisher icon benibenj

Superuser access warning message

Open FelipeMLopez opened this issue 1 year ago • 3 comments

Hi!

I recently started seeing a warning message when using the Python C++ Debugger that says "Superuser access is required to attach to a process. Attaching as superuser can potentially harm your computer. Do you want to continue?" I don't recall seeing this message before and was wondering if there have been any recent changes that would cause this message to appear.

Immediately before seeing this message, the extension executes:

/usr/bin/env /bin/sh /tmp/Microsoft-MIEngine-Cmd-lwaf5ewy.4jh

Thank you for your help!

FelipeMLopez avatar Jun 26 '23 16:06 FelipeMLopez

I managed to overcome the problem by using:

echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope

but I would still like to know if there have been any changes that would cause this message to appear.

Thanks!

FelipeMLopez avatar Jun 26 '23 16:06 FelipeMLopez

I'm having the same issue, @FelipeMLopez do you know if there would be a way to turn it on and off before and after each debugging session? I tried using tasks like this:

{
    "label": "Disable ptrace_scope",
    "type": "shell",
    "command": "echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope",
},
{
    "label": "Enable ptrace_scope",
    "type": "shell",
    "command": "echo 1 | sudo tee /proc/sys/kernel/yama/ptrace_scope",
}

By using using preLaunchTask and postDebugTask but of course there's an issue with the second one (https://github.com/microsoft/vscode/issues/162745). Are you just manually setting it to 0 every time?

montmejat avatar Aug 07 '23 13:08 montmejat

Never mind, I was able to find a solution :)

In tasks.json I have:

{
    "version": "2.0.0",
    "tasks": [
        {
            "label": "Disable ptrace_scope",
            "type": "shell",
            "command": "echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope",
        },
        {
            "label": "Enable ptrace_scope",
            "type": "shell",
            "command": "echo 1 | sudo tee /proc/sys/kernel/yama/ptrace_scope",
        }
    ]
}

And in my launch.json I have something like this:

{
  "version": "0.2.0",
  "configurations": [
    {
      "name": "Python C++ Debug",
      "type": "pythoncpp",
      "request": "launch",
      "pythonLaunchName": "Python: Current File",
      "cppAttachName": "default (gdb) Attach",
    },
    {
      "name": "Python: Current File",
      "type": "python",
      "request": "launch",
      "program": "${file}",
      "console": "integratedTerminal",
      "preLaunchTask": "Disable ptrace_scope",
      "postDebugTask": "Enable ptrace_scope"
    }
  ]
}

But to make it work, I had to use this trick: https://askubuntu.com/questions/643142/is-it-possible-to-enter-password-for-sudo-only-once-and-configure-it-to-not-req/643146#643146. I still lose a bit in security I guess, but it's more convenient. If you have any ideas of other ways to do it, I'd be happy to hear them!

montmejat avatar Aug 07 '23 13:08 montmejat