Acquire root privileges for QFile



craftyguy
1st February 2011, 01:28
I'm using QFile to read/write /dev/cpu/X/msr, however ring0 is required. QFile is being called from a separate QThread.

Is there a way to escalate either QFile to root privileges, or maybe start a QThread as root?

I can run the entire application as root using sudo or gksudo, however this is not desired since not all situations require read/write to msr.

ChrisW67
1st February 2011, 02:19
If it is Linux that you are referring to then you could read the capabilities man page (http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html) as a way to give your program 'limited' superuser abilities.

craftyguy
1st February 2011, 21:50
If it is Linux that you are referring to then you could read the capabilities man page (http://www.kernel.org/doc/man-pages/online/pages/man7/capabilities.7.html) as a way to give your program 'limited' superuser abilities.

Thanks for the suggestion. Doesn't this require the application to be executed with superuser privileges already?

I modified my QT Creator run script to include 'sudo' so that the application is run as superuser, however the debugger does not attach to it (since it tries to attach to 'sudo', and rightfully so.) Short of running QT Creator as root, is there at least any way I can debug a root application?

squidge
1st February 2011, 22:18
The best way would be to get your application to use PAM, then you can request root privileges. If you are using KDE or Gnome, then they typically have their own method of doing this that pops up a nice window asking the user to enter their password.

ChrisW67
1st February 2011, 22:26
I have not done this in anger but I don't think you should not need to run the whole application as root. You will need to use setpcap as root to attach allowable capabilities to the executable file and your file system(s) have to support storing these also. The whole topic of capabilities in Linux seems a bit murky.

Another approach would be to write a separate process that can be spun-off using sudo (without password) or marked setuid (or even setgid) to do just the privileged writing on your behalf either as a daemon or a one-off execution. You need to be very careful of abuse though.
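
The separate-process approach from the post above, as an added example that is not code from anyone in the thread: a read-only helper, meant to be started through sudo or installed setuid, that validates its arguments and reads only allow-listed registers. The allow-list contents, the CPU limit of 4095 and the function names are assumptions.

```c
/* Added example: read-only MSR helper, the only piece that needs privilege. */
#define _GNU_SOURCE
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumption: registers the GUI needs (IA32_THERM_STATUS, MSR_TEMPERATURE_TARGET). */
static const uint32_t allowed_msrs[] = { 0x19C, 0x1A2 };
/* Strict parse: must start with a digit, whole string consumed, value <= max. */
static int parse_u32(const char *s, int base, unsigned long max, uint32_t *out)
{
    char *end;
    if (!s || !isxdigit((unsigned char)*s)) return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, base);
    if (errno || *end != '\0' || v > max) return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Validate untrusted arguments and build the device path; 0 on success. */
static int build_request(const char *cpu_s, const char *reg_s,
                         char *path, size_t len, uint32_t *reg)
{
    uint32_t cpu;
    if (parse_u32(cpu_s, 10, 4095, &cpu) || parse_u32(reg_s, 16, UINT32_MAX, reg))
        return -1;
    size_t i, n = sizeof allowed_msrs / sizeof allowed_msrs[0];
    for (i = 0; i < n && allowed_msrs[i] != *reg; i++) {}
    if (i == n) return -1;                 /* register not on the allow-list */
    int w = snprintf(path, len, "/dev/cpu/%u/msr", cpu);
    return (w < 0 || (size_t)w >= len) ? -1 : 0;
}

int main(int argc, char **argv)
{
    char path[64]; uint32_t reg; uint64_t val;
    if (argc != 3 || build_request(argv[1], argv[2], path, sizeof path, &reg))
        return 2;
    int fd = open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
    /* If installed setuid, give up root right after the privileged open. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return 1;
    if (fd < 0 || pread(fd, &val, sizeof val, reg) != (ssize_t)sizeof val) return 1;
    printf("0x%016llx\n", (unsigned long long)val);
    return 0;
}
```

The unprivileged Qt application could start this helper with QProcess and parse the single hex value from its standard output, so the GUI itself never runs as root.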

craftyguy
1st February 2011, 22:47
I messed around with attaching capabilities using setpcap this morning, however none of them would 'take' unless the app was run as root to begin with. After reading more about the capability stuff, it looks like it's a way to trim down root applications so they can be allowed to do only what they need to as root, and not with every single perk that comes along with running as root. If this is true, it still requires the application to be executed as root (maybe someone familiar with this can correct me!)

I've never used PAM, how well does QT integrate with it?

ChrisW67
2nd February 2011, 08:41
You should be able to access PAM from any C/C++ code: Qt does not interface to PAM in any way I can see. Exactly which PAM module is going to fix this problem for you is a mystery to me: perhaps squidge knows?

squidge
2nd February 2011, 13:26
I was thinking of starting the application as a standard user and then using PAM to request the root password and request privilege escalation. It's entirely possible that I'm mixing my words and/or talking crap. I just remember doing it somehow :)