gdb-7.2 unusable if /proc/<pid>/auxv was disabled

Post by Hugo Mildenberger » Wed Oct 20, 2010 8:35 am

As I described at http://bugs.gentoo.org/show_bug.cgi?id=341889, gdb is unusable for just-in-time debugging tasks if CONFIG_GRKERNSEC_PROC_MEMMAP was chosen during kernel configuration and RANDMAP was not disabled for the target program going to be debugged. gdb uses /proc/<pid>/auxv for module load addresses. Without that information, gdb is unable to display a symbolic backtrace, at least on a Gentoo amd64 hardened system. I realize the conflict of objectives and think about how to solve it. Maybe just amend the documentation for make menuconfig item "Remove addresses from /proc/<pid>/[smaps|maps|stat]"? Or add an option for selectively allowing /proc/<pid>/auxv to be read under certain conditions?
Hugo Mildenberger
 
Posts: 12
Joined: Sun Dec 13, 2009 6:14 pm
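
An added example, not part of the thread and not gdb or grsecurity code: a parser for the raw 64-bit auxiliary vector image that /proc/<pid>/auxv exposes, showing which entries carry addresses of a randomized process, which is both what a debugger needs and what the restriction withholds. The function names and sample values are constructed for illustration, and a native 64-bit entry layout is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Entry types, with the values <elf.h> assigns them. */
enum { AT_NULL = 0, AT_PHDR = 3, AT_PAGESZ = 6, AT_BASE = 7, AT_ENTRY = 9,
       AT_RANDOM = 25, AT_SYSINFO_EHDR = 33 };
struct auxv_entry { uint64_t type, val; };  /* layout of Elf64_auxv_t */
/* Entries whose value is an address inside the randomized target. */
static int discloses_address(uint64_t type) {
    return type == AT_PHDR || type == AT_BASE || type == AT_ENTRY ||
           type == AT_RANDOM || type == AT_SYSINFO_EHDR;
}

/* Copy entry i out of a raw image; 0 at AT_NULL or if the image ends first. */
static int auxv_get(const void *buf, size_t len, size_t i, struct auxv_entry *e) {
    if ((i + 1) * sizeof *e > len) return 0;
    memcpy(e, (const unsigned char *)buf + i * sizeof *e, sizeof *e);
    return e->type != AT_NULL;
}

/* Value of `type`; returns 0 if absent, e.g. for an empty (unreadable) image. */
int auxv_lookup(const void *buf, size_t len, uint64_t type, uint64_t *out) {
    struct auxv_entry e;
    for (size_t i = 0; auxv_get(buf, len, i, &e); i++)
        if (e.type == type) { *out = e.val; return 1; }
    return 0;
}

/* Number of address-disclosing entries before AT_NULL. */
int auxv_address_count(const void *buf, size_t len) {
    struct auxv_entry e;
    int n = 0;
    for (size_t i = 0; auxv_get(buf, len, i, &e); i++)
        n += discloses_address(e.type);
    return n;
}

/* Constructed sample values, not captured from a real process. */
const struct auxv_entry sample_auxv[] = {
    { AT_SYSINFO_EHDR, 0x7fff5a1ff000ULL }, { AT_PAGESZ, 4096 },
    { AT_PHDR, 0x5581c2a00040ULL }, { AT_BASE, 0x7f3b6c400000ULL },
    { AT_ENTRY, 0x5581c2a01a30ULL }, { AT_RANDOM, 0x7fff5a1c9f29ULL },
    { AT_NULL, 0 },
};

int main(void) {
    printf("address entries: %d\n", auxv_address_count(sample_auxv, sizeof sample_auxv));
    return 0;
}
```

Passing a length of 0 models a reader that gets nothing back from the file: every lookup fails, so no load address can be derived from it.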

Re: gdb-7.2 unusable if /proc/<pid>/auxv was disabled

Post by spender » Wed Oct 20, 2010 10:18 am

I'll update the restriction for this so that it's readable only if the task is currently being ptraced and only by the task doing the ptracing.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: gdb-7.2 unusable if /proc/<pid>/auxv was disabled

Post by spender » Wed Oct 20, 2010 5:46 pm

I've uploaded new patches with the above mentioned change. Let me know how it goes.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: gdb-7.2 unusable if /proc/<pid>/auxv was disabled

Post by Hugo Mildenberger » Thu Oct 21, 2010 4:09 am

Yes, gdb now works when using grsecurity-2.2.0-2.6.35.7-201010201740.patch. Even drkonqi is now able to gather symbolic information!
Hugo Mildenberger
 
Posts: 12
Joined: Sun Dec 13, 2009 6:14 pm

Re: gdb-7.2 unusable if /proc/<pid>/auxv was disabled

Post by spender » Thu Oct 21, 2010 7:52 am

Great, good to hear. Thanks for the report!

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

