From patchwork Mon Mar 25 13:45:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom de Vries X-Patchwork-Id: 87630 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id F335E3858433 for ; Mon, 25 Mar 2024 13:45:45 +0000 (GMT) X-Original-To: gdb-patches@sourceware.org Delivered-To: gdb-patches@sourceware.org Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2a07:de40:b251:101:10:150:64:1]) by sourceware.org (Postfix) with ESMTPS id 44C603858D33 for ; Mon, 25 Mar 2024 13:45:19 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 44C603858D33 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.de ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 44C603858D33 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2a07:de40:b251:101:10:150:64:1 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1711374322; cv=none; b=Xlc6lUoWD0+qeC615nIgyMZ7+SYqO957kPjmVnftEgxAqqfHU8ZRVLSRBKU8OV7lLD3c4YEpf9HnQXzcAZSgfv2ye5pHBnmHZKbhmACvVjdTBv8TTK4lF8MVSsjthYToHtlNkh3wfYM9WLdAQoSWgQ3vlnU/AMsvxWrj0RPsDO8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1711374322; c=relaxed/simple; bh=2g8AWkOyvK0PRLLhxSyNAkagdR3Y/nz0sATbUVwJY4c=; h=DKIM-Signature:DKIM-Signature:DKIM-Signature:DKIM-Signature:From: To:Subject:Date:Message-Id:MIME-Version; b=m1xaw9Dv8yklUE64PwtJKIFnGDdsok3/g8QqpF0OEhqHBa0Q46fQuCyta5043a7I/CzohTyR5yiccfi9/vj26/6fQlxdI4JmmiatlaVlNO1L0rC4FVzd7Ve1YPeDPaVO/1NyzU40L7DHhNCLEwKFW5/MldTmRBF789IODpTkFGM= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 39D3B351BE for ; Mon, 25 Mar 2024 13:45:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1711374318; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=KOKK32EBgRkJjEG1izie2jj4WWWWNL6l5hDTse3PN8Q=; b=UNz0u3Yp5we81orv9eYjVlsMpUZOd0Gj5nJ6TsK3x890pLPAjC3/lINc+ivyXcQHDxWD+N wtjWk6vZq2FkcxvZSPFGnT4ZMLLlF9EGmtzLsGN88Kls2lobTAH1v6uts1w2UvwLDztLW4 eRFE1hiFMtawpgUUN1P6Zf9yLq1yCaA= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1711374318; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=KOKK32EBgRkJjEG1izie2jj4WWWWNL6l5hDTse3PN8Q=; b=3Fj/yJGzbrNUSP7OaOWqH4JXSapgVfAfFewkOwTQqJxTa13w+6KE36fZSuUudSdTiCdqIB 3NnC19dPi5/mWWCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1711374317; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=KOKK32EBgRkJjEG1izie2jj4WWWWNL6l5hDTse3PN8Q=; b=cGXwU46mdM+E0ZJRwZyTsySBLkjNXNizUdbsbHmH0jr+jfMT6PFAAwPgHpyetEIblPpQz8 qpJOCTxfGZK5SVnihgh7xoKaeet9Sv2elebYZHNSW0OuviHh81pA3arCp05celO1jPUurC PPAnixH9kr81jJiK0c4c9srv+HBZsSE= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1711374317; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=KOKK32EBgRkJjEG1izie2jj4WWWWNL6l5hDTse3PN8Q=; b=K14XcwLpHy+j4B2er346Yv1zqr58W8g+IQGQCTZYMqBNv4xCaIWpOsUcSBCKZoSA0SbSVw gfroTJE72UDDlYCw== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 23A99137C4 for ; Mon, 25 Mar 2024 13:45:17 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id LydhB+1/AWZDbQAAD6G6ig (envelope-from ) for ; Mon, 25 Mar 2024 13:45:17 +0000 From: Tom de Vries To: gdb-patches@sourceware.org Subject: [PATCH 1/2] [gdb] Add contrib/sudo-allow-ptrace.sh Date: Mon, 25 Mar 2024 14:45:09 +0100 Message-Id: <20240325134510.24399-1-tdevries@suse.de> X-Mailer: git-send-email 2.35.3 MIME-Version: 1.0 X-Spam-Score: 0.87 X-Spamd-Result: default: False [0.87 / 50.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_MISSING_CHARSET(2.50)[]; TO_DN_NONE(0.00)[]; BROKEN_CONTENT_TYPE(1.50)[]; RCVD_COUNT_THREE(0.00)[3]; NEURAL_HAM_SHORT(-0.03)[-0.125]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; BAYES_HAM(-3.00)[100.00%]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[gdb-patches@sourceware.org]; RCPT_COUNT_ONE(0.00)[1]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; MID_CONTAINS_FROM(1.00)[]; FUZZY_BLOCKED(0.00)[rspamd.com]; RCVD_TLS_ALL(0.00)[] X-Spam-Level: Authentication-Results: smtp-out1.suse.de; none X-Spam-Status: No, score=-12.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gdb-patches@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gdb-patches-bounces+patchwork=sourceware.org@sourceware.org Some linux systems have the setting kernel.yama.ptrace_scope set to 1 or 2. This limits the ability to attach to processes, for security reasons. However, this can get in the way of for instance: - debugging an application, and - running certain test-cases in the gdb testsuite. This can be worked around by setting kernel.yama.ptrace_scope to 0, either: - temporarily (until the next reboot), using: - "echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope", or - "sudo sysctl -w kernel.yama.ptrace_scope=0", - or permanently, by editing /etc/sysctl.conf or adding a file to /etc/sysctl.d. However, it may be the case that setting kernel.yama.ptrace_scope to 0 is not desirable, for instance when trying to debug an application on a production system. Another way of working around this is by running as root, but this may be undesirable as well. Here ( https://wiki.archlinux.org/title/Capabilities ) it's demonstrated how to run gdb while temporarily adding the CAP_SYS_PTRACE capability using capsh. I tried out this approach on the test-suite, and found that while capsh uses "--user $USER", some things are different from being $USER: - $HOME is /root, not /home/$USER - USER and LOGNAME are root - ulimit -c is 0, even though I set it to unlimited in /home/$USER/.bashrc. Add a convenience script gdb/contrib/sudo-allow-ptrace.sh that takes care of these differences. With the script, I'm able to run the test-suite as usual on a kernel.yama.ptrace_scope=1/2 system. There's only one regression compared to kernel.yama.ptrace_scope=0, in gdb.base/attach-deleted-exec.exp, which is filed as PR gdb/31528. A following patch deals with this. Tested and shell-checked on x86_64-linux. PR external/31520 Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31520 --- gdb/contrib/sudo-allow-ptrace.sh | 110 +++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100755 gdb/contrib/sudo-allow-ptrace.sh base-commit: 61ced226a4fc2e6df7836cd9c0f7e1ad47af2440 diff --git a/gdb/contrib/sudo-allow-ptrace.sh b/gdb/contrib/sudo-allow-ptrace.sh new file mode 100755 index 00000000000..f46ba7cd9ab --- /dev/null +++ b/gdb/contrib/sudo-allow-ptrace.sh @@ -0,0 +1,110 @@ +#!/bin/sh + +# Copyright (C) 2024 Free Software Foundation, Inc. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# This script intends to facilitate using gdb to attach to processes +# on a kernel.yama.ptrace_scope=1 system, without changing the setting and +# without becoming root. +# +# Example usage (running the gdb testsuite): +# $ cd build/gdb/testsuite +# $ sudo-allow-ptrace.sh make check +# +# Example usage (using gdb to attach to process): +# $ sudo-allow-ptrace.sh gdb -p +# +# The script is based on this [1] recipe. +# +# [1] https://wiki.archlinux.org/title/Capabilities. + +set -e + +case " $1 " in + " --stage2 ") + stage=2 + shift + ;; + + " --stage3 ") + stage=3 + shift + ;; + + *) + stage=1 + ;; +esac + +if [ $stage = 1 ]; then + # STAGE 1, as user $USER. + + # shellcheck disable=SC3045 + ulimit_core_hard=$(ulimit -Hc) + # shellcheck disable=SC3045 + ulimit_core_soft=$(ulimit -Sc) + + exec \ + sudo -E \ + "$0" \ + --stage2 \ + "$USER" \ + "$HOME" \ + "$ulimit_core_hard" \ + "$ulimit_core_soft" \ + "$@" +elif [ $stage = 2 ]; then + # STAGE 2, as user root. + + export user="$1" + shift + + export home="$1" + shift + + ulimit_core_hard="$1" + shift + + ulimit_core_soft="$1" + shift + + # shellcheck disable=SC3045 + ulimit -Hc "$ulimit_core_hard" + # shellcheck disable=SC3045 + ulimit -Sc "$ulimit_core_soft" + + exec \ + capsh \ + --caps="cap_setpcap,cap_setuid,cap_setgid+ep cap_sys_ptrace+eip" \ + --keep=1 \ + --user="$user" \ + --addamb="cap_sys_ptrace" \ + --shell="$0" \ + -- \ + --stage3 \ + "$user" \ + "$home" \ + "$@" +elif [ $stage = 3 ]; then + # STAGE 3, as user root with "assumed identity" $USER. + + export USER="$1" + export LOGNAME="$1" + shift + + export HOME="$1" + shift + + exec "$@" +fi From patchwork Mon Mar 25 13:45:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom de Vries X-Patchwork-Id: 87631 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 00C223858D3C for ; Mon, 25 Mar 2024 13:45:46 +0000 (GMT) X-Original-To: gdb-patches@sourceware.org Delivered-To: gdb-patches@sourceware.org Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2a07:de40:b251:101:10:150:64:2]) by sourceware.org (Postfix) with ESMTPS id 5A16B3858D38 for ; Mon, 25 Mar 2024 13:45:19 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5A16B3858D38 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.de ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 5A16B3858D38 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2a07:de40:b251:101:10:150:64:2 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1711374322; cv=none; b=ZRSggeggbBM+hN7QcmaI+FlQnCFPhahNyW//EBEWnW4NP+o4/wbsr88VS+mHiGrQbe/yEGzFTV0LUwkXOTWmQ7ll1VfbITelq65ohf9lfkM05WgYY1yabxtEQXxRAu/93Kyp838kd4Leo4u6ig48T8z8oh7D8Jc02OJ/8yhXO2o= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1711374322; c=relaxed/simple; bh=JapeNYffo9AhohgLKTn3DZgo3Eg5NlbepLYIRbE4SpY=; h=DKIM-Signature:DKIM-Signature:DKIM-Signature:DKIM-Signature:From: To:Subject:Date:Message-Id:MIME-Version; b=QyGFCJ+EbOEqWkLZ/1mjpHD58rWauGUkd4geqaEl7fZCkLOiUP+mtvG/hB6TiwjFUbAWrqN75JXiGaQe2IBqLPWfqTMIMzGAOA/XyOGa74uqJfvCFvWklB1+EjgvPHkicHsCa5YsDF741C+yYxcGW1Jw4fuy76uf3CCT0KDh8t4= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 585F85C72C for ; Mon, 25 Mar 2024 13:45:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1711374318; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QyuYh0/E2iruUdmtsUoAy/eWXRBBZygkkcU7Y72UCyk=; b=ccYHhk24PyCQXtR6qgZ0oNvXCOg9Y57Tzkl9h3udYjqoLhAv00UX7982XKh8xkt8wNu4Dc wK3JxkOb489An1faOeAVhcaDuu6qrmlPGJSxuwncYskeIvKeFjI/Rj634XGds7iSDsNpYk DWvP06BUBQY7Ot5D1V9uEo/d88egfag= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1711374318; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QyuYh0/E2iruUdmtsUoAy/eWXRBBZygkkcU7Y72UCyk=; b=gpNpa9StdZwZBHYO2sJCqHOvUf0Pa1iTz/VDIlGQzdw+rsc/Sude1lCM4Sk/v2LVmL/mzb qDcemEmHmTHIAmDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1711374317; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QyuYh0/E2iruUdmtsUoAy/eWXRBBZygkkcU7Y72UCyk=; b=QlIgQznU98hUMw6ZCzQvFtw2zWSGBKsWmrYIQyRNZfgVfh0vkxi6g2q/rHt6iImO46SBxc g/Y6FBha766yTEfcDJ8IlilpST3A+1Fz5z32OTK/24cw5QNbWzZBry0j4Ks/f4rYlCMuyA ETceQmIsH7Qdcy6ihw10/jidcoV/8tI= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1711374317; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QyuYh0/E2iruUdmtsUoAy/eWXRBBZygkkcU7Y72UCyk=; b=hUrBmqHIe+va7nXvrw57Cys3dIORb6gHld3+eLwFRHPvNEzBjEsfacWLSAyD366BllxvgP PsYdnaMzJm2fXvBg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 4040313866 for ; Mon, 25 Mar 2024 13:45:17 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id EGxcDu1/AWZDbQAAD6G6ig (envelope-from ) for ; Mon, 25 Mar 2024 13:45:17 +0000 From: Tom de Vries To: gdb-patches@sourceware.org Subject: [PATCH 2/2] [gdb] Fix gdb.base/attach-deleted-exec.exp with sudo-allow-ptrace.sh Date: Mon, 25 Mar 2024 14:45:10 +0100 Message-Id: <20240325134510.24399-2-tdevries@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20240325134510.24399-1-tdevries@suse.de> References: <20240325134510.24399-1-tdevries@suse.de> MIME-Version: 1.0 X-Spam-Level: X-Spamd-Bar: / Authentication-Results: smtp-out2.suse.de; dkim=pass header.d=suse.de header.s=susede2_rsa header.b=QlIgQznU; dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=hUrBmqHI X-Rspamd-Server: rspamd2.dmz-prg2.suse.org X-Spamd-Result: default: False [0.49 / 50.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FROM_HAS_DN(0.00)[]; R_MISSING_CHARSET(2.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[gdb-patches@sourceware.org]; BROKEN_CONTENT_TYPE(1.50)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_NONE(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; DKIM_TRACE(0.00)[suse.de:+]; MX_GOOD(-0.01)[]; MID_CONTAINS_FROM(1.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:dkim,suse.com:url]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; NEURAL_HAM_SHORT(-0.20)[-1.000]; RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%] X-Spam-Score: 0.49 X-Rspamd-Queue-Id: 585F85C72C X-Spam-Status: No, score=-12.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gdb-patches@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gdb-patches-bounces+patchwork=sourceware.org@sourceware.org When running test-case gdb.base/attach-deleted-exec.exp with script gdb/contrib/sudo-allow-ptrace.sh, we run into: ... (gdb) attach 2804069^M Attaching to process 2804069^M No executable file now.^M warning: Could not load vsyscall page because no executable was specified^M 0x0000ffff79cd83c8 in ?? ()^M (gdb) FAIL: gdb.base/attach-deleted-exec.exp: \ attach to process with deleted executable ... The script sudo-allow-ptrace.sh was introduced to work around kernel.yama.ptrace_scope being set to 1 or 2, but this fail also happens for kernel.yama.ptrace_scope=0. The root cause for the fail is the failing "access (name, R_OK) == 0" check in linux_proc_pid_to_exec_file: ... /* Use /proc/PID/exe if the actual file can't be read, but /proc/PID/exe can be. */ if (access (buf, R_OK) != 0 && access (name, R_OK) == 0) strcpy (buf, name); ... In other words, the system says there's no read permission for /proc/PID/exe. Confusingly though, reading /proc/PID/exe works fine, so there seems to be a contradiction here. This behaviour can be minimally reproduced using: ... $ cat try.sh kill -9 $(pidof mysleep) 2> /dev/null cp /usr/bin/sleep mysleep md5sum mysleep ./mysleep 10000 & ( sleep 1 pid=$(pidof mysleep) echo "PID: $pid" test -r /proc/$pid/exe echo $? md5sum /proc/$pid/exe kill -9 $(pidof mysleep) 2> /dev/null ) ... and: ... $ cat ./try2.sh sudo \ -E \ capsh \ --caps="cap_setpcap,cap_setuid,cap_setgid+ep cap_sys_ptrace+eip" \ --keep=1 \ --user=$USER \ --addamb="cap_sys_ptrace" \ --shell=./try.sh -- ... which shows: ... $ ./try2.sh [sudo] password for root: 6a85b2e53dce34ce2c35129b5b20c50b mysleep PID: 4536 1 6a85b2e53dce34ce2c35129b5b20c50b /proc/4536/exe ... where: - according to test -r, we cannot read /proc/$pid/exe - but according to md5sum, we can read /proc/$pid/exe This was filed as a potential kernel PR here ( https://bugzilla.suse.com/show_bug.cgi?id=1221867 ). As for gdb, fix or workaround this by dropping the "access (name, R_OK) == 0" check. While reading about /proc/PID/exe I came across: - https://bugzilla.suse.com/show_bug.cgi?id=1216352 - https://bugzilla.kernel.org/show_bug.cgi?id=211593 which advise avoiding using readlink on /proc/PID/exec before reading. I've looked briefly into fixing this, but found that it's not trivial, so for now I've added a FIXME comment in linux_proc_pid_to_exec_file. PR gdb/31528 Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31528 --- gdb/nat/linux-procfs.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/gdb/nat/linux-procfs.c b/gdb/nat/linux-procfs.c index b17e3120792..a3a16ed93af 100644 --- a/gdb/nat/linux-procfs.c +++ b/gdb/nat/linux-procfs.c @@ -345,6 +345,23 @@ linux_proc_pid_to_exec_file (int pid) char name[PATH_MAX]; ssize_t len; + /* FIXME: calling readlink to determine the file to read symbols from is + problematic. Consider the scenario where: + - we run an application /foo/bar, + - we use gdb to attach to the running application, + - gdb calls linux_proc_pid_to_exec_file to the get the filename to read + the symbols from, + - linux_proc_pid_to_exec_file calls readlink on /proc/PID/exe, and + returns /foo/bar, + - we remove /foo/bar, and + - gdb tries to read the symbols from /foo/bar, and fails. + At this point we can still read the symbols from /proc/PID/exe. + + See also: + - https://bugzilla.suse.com/show_bug.cgi?id=1216352 + - https://bugzilla.kernel.org/show_bug.cgi?id=211593 + */ + xsnprintf (name, PATH_MAX, "/proc/%d/exe", pid); len = readlink (name, buf, PATH_MAX - 1); if (len <= 0) @@ -352,9 +369,11 @@ linux_proc_pid_to_exec_file (int pid) else buf[len] = '\0'; - /* Use /proc/PID/exe if the actual file can't be read, but /proc/PID/exe - can be. */ - if (access (buf, R_OK) != 0 && access (name, R_OK) == 0) + /* Use /proc/PID/exe if the actual file can't be read. Note that we don't + check for "access ("/proc/PID/exe", R_OK) == 0". It possible that this + check will fail while we can actually read /proc/PID/exe ( + https://bugzilla.suse.com/show_bug.cgi?id=1221867 ). */ + if (access (buf, R_OK) != 0) strcpy (buf, name); return buf;