[grsec] gdb?
Peter S. Mazinger
ps.m at gmx.net
Tue Oct 4 02:18:47 EDT 2005
On Mon, 3 Oct 2005, jnf wrote:
> hrm, ive tried that and it doesnt seem to work, im wondering if its maybe
> because gdb is compiled as an ET_DYN itself?
>
> gcc -fno-stack-protector-all -fno-stack-protector -fno-pic -fno-pie -o
> program program.c
maybe add -g3 -ggdb ?
>
>
> Which makes it not even ET_DYN anymore, AFAIK- it doesn't show up as a
> shared object according to the file command.
>
> Then I call chpax/paxctl on the binary in question and turn all
> protections off
>
> then in gdb, attempting to even run it returns a:
>
> Warning:
> Cannot insert breakpoint -1.
> Error accessing memory address 0x34b8f98cffc0: Input/output error.
>
> This box is currently a hardened gentoo system, but ive had the same
> experiences with servers at various workplaces on other distro's.
>
> See below for an example:
>
> # gcc -fno-stack-protector-all -fno-stack-protector -fno-pic
> -fno-pie -o stack stack.c
> # paxctl -z stack
> # paxctl -v stack
> PaX control v0.2
> Copyright 2004 PaX Team <pageexec at freemail.hu>
>
> - PaX flags: ------------ [stack]
this one does not mean it is disabled, it means kernel "defaults"
you should at least paxctl -spm the binary in question
>
> # file stack
> stack: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for
> GNU/Linux 2.4.1, dynamically linked (uses shared libs), not stripped
> # ldd stack
> libc.so.6 => /lib/libc.so.6 (0x00003564e4ade000)
> /lib64/ld-linux-x86-64.so.2 (0x00003564e49c7000)
>
>
> submission# paxctl -v /lib/libc.so.6
> PaX control v0.2
> Copyright 2004 PaX Team <pageexec at freemail.hu>
>
> - PaX flags: -------x---- [/lib/libc.so.6]
> RANDEXEC is disabled
> # paxctl -v /lib64/ld-linux-x86-64.so.2
> PaX control v0.2
> Copyright 2004 PaX Team <pageexec at freemail.hu>
>
> - PaX flags: -------x-e-- [/lib64/ld-linux-x86-64.so.2]
> RANDEXEC is disabled
> EMUTRAMP is disabled
>
> # ldd /lib/libc.so.6
> /lib64/ld-linux-x86-64.so.2 (0x00002d44b1b84000)
> # ldd /lib64/ld-linux-x86-64.so.2
> statically linked
> # gdb stack
> GNU gdb 6.2
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for
> details.
> This GDB was configured as "x86_64-pc-linux-gnu"...Using host libthread_db
> library "/lib/libthread_db.so.1".
>
> (gdb) r
> Starting program: /home/jnf/stack
> Warning:
> Cannot insert breakpoint -2.
> Error accessing memory address 0x382ca07d9fc0: Input/output error.
>
> (gdb)
>
> --
>
> There are only two choices in life. You either conform the truth to your desire,
> or you conform your desire to the truth. Which choice are you making?
>
>
> On Mon, 3 Oct 2005, Mike Frysinger wrote:
>
> > Date: Mon, 3 Oct 2005 18:46:28 -0400
> > From: Mike Frysinger <vapier at gentoo.org>
> > To: grsecurity at grsecurity.net
> > Cc: jnf <jnf at nosec.net>
> > Subject: Re: [grsec] gdb?
> >
> > On Monday 03 October 2005 06:37 pm, jnf wrote:
> > > Has anyone ever gotten gdb to work half way decently on ET_DYN binaries?
> > > As PaX becomes more prevelant, this is becoming more of a problem for me.
> >
> > if you disable restrictions with paxctl you should be able to use gdb on the
> > binaries (you'll prob have to run paxctl on the binary you wish to debug as
> > well as the dynamic loader and shared libraries)
> > -mike
> >
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
>
>
--
Peter S. Mazinger <ps dot m at gmx dot net> ID: 0xA5F059F2
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2
More information about the grsecurity
mailing list