[grsec] gdb?

jnf jnf at nosec.net
Mon Oct 3 18:58:09 EDT 2005


hrm, I've tried that and it doesn't seem to work, I'm wondering if it's maybe
because gdb is compiled as an ET_DYN itself?

gcc -fno-stack-protector-all -fno-stack-protector -fno-pic -fno-pie -o program program.c


Which makes it not even ET_DYN anymore, AFAIK- it doesn't show up as a
shared object according to the file command.

Then I call chpax/paxctl on the binary in question and turn all
protections off.

Then in gdb, attempting to even run it returns a:

Warning:
Cannot insert breakpoint -1.
Error accessing memory address 0x34b8f98cffc0: Input/output error.

This box is currently a hardened gentoo system, but I've had the same
experiences with servers at various workplaces on other distros.

See below for an example:

# gcc -fno-stack-protector-all -fno-stack-protector -fno-pic -fno-pie -o stack stack.c
# paxctl -z stack
# paxctl -v stack
PaX control v0.2
Copyright 2004 PaX Team <pageexec at freemail.hu>

- PaX flags: ------------ [stack]

# file stack
stack: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for
GNU/Linux 2.4.1, dynamically linked (uses shared libs), not stripped
# ldd stack
        libc.so.6 => /lib/libc.so.6 (0x00003564e4ade000)
        /lib64/ld-linux-x86-64.so.2 (0x00003564e49c7000)


submission# paxctl -v /lib/libc.so.6
PaX control v0.2
Copyright 2004 PaX Team <pageexec at freemail.hu>

- PaX flags: -------x---- [/lib/libc.so.6]
        RANDEXEC is disabled
# paxctl -v /lib64/ld-linux-x86-64.so.2
PaX control v0.2
Copyright 2004 PaX Team <pageexec at freemail.hu>

- PaX flags: -------x-e-- [/lib64/ld-linux-x86-64.so.2]
        RANDEXEC is disabled
        EMUTRAMP is disabled

# ldd /lib/libc.so.6
        /lib64/ld-linux-x86-64.so.2 (0x00002d44b1b84000)
# ldd /lib64/ld-linux-x86-64.so.2
        statically linked
# gdb stack
GNU gdb 6.2
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "x86_64-pc-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".

(gdb) r
Starting program: /home/jnf/stack
Warning:
Cannot insert breakpoint -2.
Error accessing memory address 0x382ca07d9fc0: Input/output error.

(gdb)

--

There are only two choices in life. You either conform the truth to your desire,
or you conform your desire to the truth. Which choice are you making?


On Mon, 3 Oct 2005, Mike Frysinger wrote:

> Date: Mon, 3 Oct 2005 18:46:28 -0400
> From: Mike Frysinger <vapier at gentoo.org>
> To: grsecurity at grsecurity.net
> Cc: jnf <jnf at nosec.net>
> Subject: Re: [grsec] gdb?
>
> On Monday 03 October 2005 06:37 pm, jnf wrote:
> > Has anyone ever gotten gdb to work half way decently on ET_DYN binaries?
> > As PaX becomes more prevalent, this is becoming more of a problem for me.
>
> if you disable restrictions with paxctl you should be able to use gdb on the
> binaries (you'll prob have to run paxctl on the binary you wish to debug as
> well as the dynamic loader and shared libraries)
> -mike
>
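
Added example (not part of the original thread, and not code from the posters or the PaX project): a Python check of the two things the thread inspects with file and paxctl -v, the ELF e_type and the PT_PAX_FLAGS marking, printed in paxctl's letter layout. It assumes a little-endian ELF64 file marked through a PT_PAX_FLAGS program header; inspect_elf64 and build_sample are names made up here, and the sample image is constructed.

```python
import struct
import sys

ET_NAMES = {2: "ET_EXEC", 3: "ET_DYN"}
PT_PAX_FLAGS = 0x65041580  # PT_LOOS + 0x5041580, the PaX program header type
# paxctl -v prints one letter per flag bit in this order, starting at bit 4
# (PF_PAGEEXEC). Upper case = feature enabled, lower case = feature disabled.
PAX_LETTERS = "PpSsMmXxEeRr"


def inspect_elf64(data):
    """Return (type_name, pax_flag_string or None) for an ELF64 LSB image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    pax = None  # stays None when the file has no PT_PAX_FLAGS header at all
    for i in range(e_phnum):
        # p_type and p_flags are the first two 32-bit fields of Elf64_Phdr
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_PAX_FLAGS:
            pax = "".join(c if p_flags & (1 << (4 + n)) else "-"
                          for n, c in enumerate(PAX_LETTERS))
    return ET_NAMES.get(e_type, hex(e_type)), pax


def build_sample(e_type, pax_flags):
    """Constructed input: a 64-byte ELF64 header plus one PT_PAX_FLAGS phdr."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                               64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_PAX_FLAGS, pax_flags, 0, 0, 0, 0, 0, 8)
    return ehdr + phdr


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real files: the binary, then its loader and libraries as in the thread
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, *inspect_elf64(fh.read()))
    else:
        # Constructed samples mirroring the flag strings shown in the thread
        print("sample-exec", *inspect_elf64(build_sample(2, 0)))
        print("sample-dyn", *inspect_elf64(build_sample(3, (1 << 11) | (1 << 13))))
```

An all-dash result, as in the paxctl -v stack output above, means neither the enable bit nor the disable bit of any feature is set in the header.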

