Page 1 of 1

gdb-7.2 unusable if /proc/<pid>/auxv was disabled

PostPosted: Wed Oct 20, 2010 8:35 am
by Hugo Mildenberger
As I described at http://bugs.gentoo.org/show_bug.cgi?id=341889, gdb is unusable for just-in-time debugging tasks, if CONFIG_GRKERNSEC_PROC_MEMMAP was chosen during Kernel configuration and RANDMAP was not disabled for the target program going to be debugged. gdb uses /proc/<pid>/auxv for module load addresses. Whithout that information, gdb is unable to display a symbolic backtrace, at least on a Gentoo amd64 hardened system. I realize the conflict of objectives and think about how to solve it. Maybe just amend the documentation for make menuconfig item "Remove addresses from /proc/<pid>/[smaps|maps|stat]"? Or add an option for selectively allowing /proc/<pid>/auxv to be read under certain conditions?

Re: gdb-7.2 unusable if /proc/<pid>/auxv was disabled

PostPosted: Wed Oct 20, 2010 10:18 am
by spender
I'll update the restriction for this so that it's readable only if the task is currently being ptraced and only by the task doing the ptracing.

-Brad

Re: gdb-7.2 unusable if /proc/<pid>/auxv was disabled

PostPosted: Wed Oct 20, 2010 5:46 pm
by spender
I've uploaded new patches with the above mentioned change. Let me know how it goes.

-Brad

Re: gdb-7.2 unusable if /proc/<pid>/auxv was disabled

PostPosted: Thu Oct 21, 2010 4:09 am
by Hugo Mildenberger
Yes, gdb now works when using grsecurity-2.2.0-2.6.35.7-201010201740.patch. Even drkonqi is now able to gather symbolic information!

Re: gdb-7.2 unusable if /proc/<pid>/auxv was disabled

PostPosted: Thu Oct 21, 2010 7:52 am
by spender
Great, good to hear. Thanks for the report!

-Brad