public inbox for gdb-prs@sourceware.org
* [Bug external/31520] New: [gdb/external] Handle kernel.yama.ptrace_scope != 0
From: vries at gcc dot gnu.org @ 2024-03-21 13:00 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31520

            Bug ID: 31520
           Summary: [gdb/external] Handle kernel.yama.ptrace_scope != 0
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: external
          Assignee: unassigned at sourceware dot org
          Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

openSUSE Tumbleweed recently changed the default of the
kernel.yama.ptrace_scope setting from 0 to 1.

This causes attach-type test-cases to fail.

For me, it's easily fixable by manually overriding the default in say
/etc/sysctl.conf or /etc/sysctl.d/10-ptrace.conf.

But there may be users who either don't want to do this, or are not allowed to
do this on the system at hand.

Using sudo should still work, but that may also be considered unacceptable, or
an inconvenience because the user really wants to be debugging as user $USER,
not as root.

I found this link ( https://wiki.archlinux.org/title/Capabilities ) which
advertises a way to still run as user, while having increased privileges:
...
$ sudo -E capsh --caps="cap_setpcap,cap_setuid,cap_setgid+ep cap_sys_ptrace+eip" \
    --keep=1 --user="$USER" --addamb="cap_sys_ptrace" \
    --shell=/usr/bin/gdb -- -p <pid>
...

This does not yet work for me on openSUSE Leap 15.4, I need to debug this
further.

But it occurred to me that:
- this setting and problem are unmentioned in our docs, and
- a script that supports allowing ptrace capabilities that would work on
  any Linux system (or indicate why not) would be useful.

Whether this script should be part of the gdb contrib scripts (there are other
tools than gdb that would need the same script), and delivered to users or not,
I'm not sure.  But it would be good to have it somewhere, and to be able to
point to its location in the docs.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
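
Added example, not part of the original thread and not gdb's own code: a sketch of the "indicate why not" half of the script proposed above, mapping the four documented kernel.yama.ptrace_scope values and the tracer's CapEff mask to an attach verdict. The function names are made up for this sketch, and it assumes tracer and target share a user namespace and pass the ordinary uid checks.

```shell
#!/bin/sh
# Added example: explain whether a ptrace attach should succeed under Yama.
# Function names are hypothetical; only the Yama and capability checks are
# modelled, not the uid/dumpable checks the kernel also applies.

# has_cap_sys_ptrace MASK: true if bit 19 (CAP_SYS_PTRACE) is set in a hex
# capability mask as printed on the CapEff line of /proc/PID/status.
has_cap_sys_ptrace() {
    [ $(( (0x${1:-0} >> 19) & 1 )) -eq 1 ]
}

# attach_verdict SCOPE CAPEFF RELATION
# RELATION is "descendant" if the target was started by the debugger,
# anything else for an unrelated process (the "gdb -p PID" case).
attach_verdict() {
    scope=$1 capeff=$2 relation=$3
    case $scope in
        0) echo "allow: classic ptrace permissions" ;;
        1) if [ "$relation" = descendant ]; then
               echo "allow: target is a descendant of the tracer"
           elif has_cap_sys_ptrace "$capeff"; then
               echo "allow: tracer holds CAP_SYS_PTRACE"
           else
               echo "deny: scope 1 needs a descendant target, PR_SET_PTRACER, or CAP_SYS_PTRACE"
           fi ;;
        2) if has_cap_sys_ptrace "$capeff"; then
               echo "allow: tracer holds CAP_SYS_PTRACE"
           else
               echo "deny: scope 2 allows ptrace only with CAP_SYS_PTRACE"
           fi ;;
        3) echo "deny: scope 3 disables ptrace, capabilities do not help" ;;
        *) echo "deny: unknown ptrace_scope value '$scope'" ;;
    esac
}

# Live values; a missing sysctl file means Yama is not active (treated as 0).
live_scope() {
    cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null || echo 0
}
live_capeff() {
    mask=$(awk '/^CapEff:/ { print $2 }' /proc/self/status 2>/dev/null) || mask=
    echo "${mask:-0}"
}

echo "attach to an unrelated PID: $(attach_verdict "$(live_scope)" "$(live_capeff)" other)"
```

Run under the capsh wrapper from this thread, the CapEff mask has bit 19 set, so the scope 1 verdict changes from deny to allow.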


* [Bug external/31520] [gdb/external] Handle kernel.yama.ptrace_scope != 0
From: vries at gcc dot gnu.org @ 2024-03-21 13:28 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31520

--- Comment #1 from Tom de Vries <vries at gcc dot gnu.org> ---
So, this is the problem:
...
$ sleep 60 & gdb -q -p $(pidof sleep)
[4] 1786
Attaching to process 1786
ptrace: Operation not permitted.
(gdb) 
...

And this is the solution using sudo:
...
$ sleep 60 & sudo gdb -q -p $(pidof sleep)
[1] 1986
Attaching to process 1986
Reading symbols from /usr/bin/sleep...
(No debugging symbols found in /usr/bin/sleep)
Reading symbols from /lib64/libc.so.6...
(No debugging symbols found in /lib64/libc.so.6)
Reading symbols from /lib64/ld-linux-x86-64.so.2...
(No debugging symbols found in /lib64/ld-linux-x86-64.so.2)
0x00007f2fd01d70ca in clock_nanosleep@GLIBC_2.2.5 () from /lib64/libc.so.6
Missing separate debuginfos, use: zypper install
coreutils-debuginfo-8.32-150400.7.5.x86_64
(gdb) shell whoami
root
(gdb) 
...

And this is a solution using ptrace capabilities:
...
# sleep 60 & ./sudo-allow-ptrace.sh gdb -q -p $(pidof sleep)
[1] 1925
+ sudo -E capsh '--caps=cap_setpcap,cap_setuid,cap_setgid+ep
cap_sys_ptrace+eip' --keep=1 --user=vries --addamb=cap_sys_ptrace --shell=gdb
-- -q -p 1925
Attaching to process 1925
Reading symbols from /usr/bin/sleep...
(No debugging symbols found in /usr/bin/sleep)
Reading symbols from /lib64/libc.so.6...
(No debugging symbols found in /lib64/libc.so.6)
Reading symbols from /lib64/ld-linux-x86-64.so.2...
(No debugging symbols found in /lib64/ld-linux-x86-64.so.2)
0x00007feb59fed0ca in clock_nanosleep@GLIBC_2.2.5 () from /lib64/libc.so.6
(gdb) shell whoami
vries
(gdb) 
...
where ./sudo-allow-ptrace.sh is:
...
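#!/bin/sh
# Usage: sudo-allow-ptrace.sh <program> [args...]
# Run <program> as $USER, with CAP_SYS_PTRACE added to its ambient set.

shell="$1"
shift

# Trace the resulting command line.
set -x

sudo \
    -E capsh \
    --caps="cap_setpcap,cap_setuid,cap_setgid+ep cap_sys_ptrace+eip" \
    --keep=1 \
    --user="$USER" \
    --addamb="cap_sys_ptrace" \
    --shell="$shell" -- \
    "$@"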
...


* [Bug external/31520] [gdb/external] Handle kernel.yama.ptrace_scope != 0
From: vries at gcc dot gnu.org @ 2024-03-21 14:33 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31520

--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
Running:
...
$ ./sudo-allow-ptrace.sh ./scripts/test.sh
...
revealed some issues.

1. Core tests fail, ulimit -c dropped from unlimited (normally set in
~$USER/.bashrc) to 0:
...
(gdb) shell ulimit -Sc
0
(gdb) shell ulimit -Hc
0
...

2. $HOME is set to /root, so we run into:
...
(gdb) shell cd
bash: line 0: cd: /root: Permission denied
...
in gdb.base/default.exp and gdb.base/set-cwd.exp.  Some gdb.guile/*.exp test
failures may be caused by the same problem.

3. An attach-specific failure:
...
(gdb) attach 27466^M
Attaching to process 27466^M
No executable file now.^M
warning: Could not load vsyscall page because no executable was specified^M
0x00007f18b597f0ca in ?? ()^M
(gdb) FAIL: gdb.base/attach-deleted-exec.exp: attach to process with deleted
executable
...


* [Bug external/31520] [gdb/external] Handle kernel.yama.ptrace_scope != 0
From: vries at gcc dot gnu.org @ 2024-03-21 16:52 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31520

--- Comment #3 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #2)
> 3. An attach-specific failure:
> ...
> (gdb) attach 27466^M
> Attaching to process 27466^M
> No executable file now.^M
> warning: Could not load vsyscall page because no executable was specified^M
> 0x00007f18b597f0ca in ?? ()^M
> (gdb) FAIL: gdb.base/attach-deleted-exec.exp: attach to process with deleted
> executable
> ...

While with ptrace_scope == 0, we get:
...
(gdb) attach 23176^M
Attaching to process 23176^M
Reading symbols from /proc/23176/exe...^M
Reading symbols from /lib64/libm.so.6...^M
(No debugging symbols found in /lib64/libm.so.6)^M
Reading symbols from /lib64/libc.so.6...^M
(No debugging symbols found in /lib64/libc.so.6)^M
Reading symbols from /lib64/ld-linux-x86-64.so.2...^M
(No debugging symbols found in /lib64/ld-linux-x86-64.so.2)^M
0x00007f18f32620ca in clock_nanosleep@GLIBC_2.2.5 () from /lib64/libc.so.6^M
(gdb) PASS: gdb.base/attach-deleted-exec.exp: attach to process with deleted
executable
...


* [Bug external/31520] [gdb/external] Handle kernel.yama.ptrace_scope != 0
From: vries at gcc dot gnu.org @ 2024-03-21 17:43 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31520

--- Comment #4 from Tom de Vries <vries at gcc dot gnu.org> ---
Using this script I'm only left with the gdb.base/attach-deleted-exec.exp
regression:
...
$ cat sudo-allow-ptrace.sh
#!/bin/sh -x

set -e

case " $1 " in
    " --stage2 ")
        stage=2
        shift
        ;;

    " --stage3 ")
        stage=3
        shift
        ;;
    *)
        stage=1
        ;;
esac

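if [ $stage = 1 ]; then
    # Stage 1 (invoking user): record USER, HOME and the core ulimits, then
    # re-exec this script under sudo.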
    # shellcheck disable=SC3045
    ulimit_core_hard=$(ulimit -Hc)
    # shellcheck disable=SC3045
    ulimit_core_soft=$(ulimit -Sc)

    exec \
        sudo -E \
        "$0" \
        --stage2 \
        "$USER" \
        "$HOME" \
        "$ulimit_core_hard" \
        "$ulimit_core_soft" \
        "$@"
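elif [ $stage = 2 ]; then
    # Stage 2 (root): restore the core ulimits, then let capsh switch back to
    # the user with CAP_SYS_PTRACE in the ambient set and re-exec for stage 3.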
    export user="$1"
    shift

    export home="$1"
    shift

    ulimit_core_hard="$1"
    shift

    ulimit_core_soft="$1"
    shift

    # shellcheck disable=SC3045
    ulimit -Hc "$ulimit_core_hard"
    # shellcheck disable=SC3045
    ulimit -Sc "$ulimit_core_soft"

    exec \
        capsh \
        --caps="cap_setpcap,cap_setuid,cap_setgid+ep cap_sys_ptrace+eip" \
        --keep=1 \
        --user="$user" \
        --addamb="cap_sys_ptrace" \
        --shell="$0" \
        -- \
        --stage3 \
        "$user" \
        "$home" \
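        "$@"
elif [ $stage = 3 ]; then
    # Stage 3 (user, with CAP_SYS_PTRACE): restore USER, LOGNAME and HOME,
    # then run the requested command.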
    export USER="$1"
    export LOGNAME="$1"
    shift

    export HOME="$1"
    shift

    exec "$@"
fi
...


* [Bug external/31520] [gdb/external] Handle kernel.yama.ptrace_scope != 0
From: vries at gcc dot gnu.org @ 2024-03-22 14:16 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31520

--- Comment #5 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #4)
> Using this script I'm only left with the gdb.base/attach-deleted-exec.exp
> regression:

I've filed that as PR31528.


* [Bug external/31520] [gdb/external] Handle kernel.yama.ptrace_scope != 0
From: sam at gentoo dot org @ 2024-03-23  8:15 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31520

Sam James <sam at gentoo dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sam at gentoo dot org


* [Bug external/31520] [gdb/external] Handle kernel.yama.ptrace_scope != 0
From: vries at gcc dot gnu.org @ 2024-03-25 13:46 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31520

--- Comment #6 from Tom de Vries <vries at gcc dot gnu.org> ---
https://sourceware.org/pipermail/gdb-patches/2024-March/207531.html
