Q: In my application, I invoke other commands and programs by using system() or other relatives like popen(), execl(). Sometimes when debugging my application, I run into this error message:

    sh: privileges disabled because of outstanding IPC access to task

What does it mean and what can I do about it?

A: This has to do with an unfortunate interaction between gdb and setuid program execution. When gdb is d

When that process forks a child process, gdb would own the exception ports of that child process as well. Because of security issues, the kernel disallows gdb from owning the exception ports of a child process that is setuid. When you attempt this, the kernel generates the p

There will be no conflict outside the debugger and you can run gdb as root as a workaround for debugging.
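
An added example, not part of the original Q&A: a small C helper that resolves a command name through PATH and reports whether the file is setuid or setgid, so you can tell in advance which commands passed to system(), popen() or execl() fall under the restriction described above when the parent runs under gdb. The function names are hypothetical, and the PATH lookup is a simplified approximation of the shell's own search.

```c
#define _XOPEN_SOURCE 700 /* expose POSIX declarations under strict -std= modes */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if the mode describes a regular file with the setuid or setgid bit set. */
int mode_is_setid(mode_t mode) {
    return S_ISREG(mode) && (mode & (S_ISUID | S_ISGID)) != 0;
}

/* Resolve cmd roughly as the shell would: a name containing '/' is used
 * as-is, otherwise each directory in path_env is tried in order.
 * Returns 0 and fills out on success, -1 if nothing executable is found. */
int resolve_command(const char *cmd, const char *path_env, char *out, size_t outlen) {
    struct stat st;
    if (strchr(cmd, '/')) {
        if (strlen(cmd) >= outlen || access(cmd, X_OK) != 0) return -1;
        strcpy(out, cmd);
        return 0;
    }
    for (const char *p = path_env; p != NULL; ) {
        size_t n = strcspn(p, ":");
        /* An empty PATH element means the current directory. */
        int len = snprintf(out, outlen, "%.*s/%s", n ? (int)n : 1, n ? p : ".", cmd);
        if (len > 0 && (size_t)len < outlen && stat(out, &st) == 0 &&
            S_ISREG(st.st_mode) && access(out, X_OK) == 0) return 0;
        p = p[n] ? p + n + 1 : NULL;
    }
    return -1;
}

/* 1 = resolves to a setuid/setgid file, 0 = it does not, -1 = not found. */
int command_is_setid(const char *cmd, const char *path_env) {
    char full[PATH_MAX];
    struct stat st;
    if (resolve_command(cmd, path_env, full, sizeof full) != 0 || stat(full, &st) != 0) return -1;
    return mode_is_setid(st.st_mode);
}

int main(int argc, char **argv) {
    for (int i = 1; i < argc; i++) {
        int r = command_is_setid(argv[i], getenv("PATH"));
        printf("%s: %s\n", argv[i], r < 0 ? "not found" : r ? "setuid/setgid" : "not setuid/setgid");
    }
    return 0;
}
```

Run it with the command names your application launches; any name reported as setuid/setgid is a candidate for the message when the parent is being debugged.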