[Bug 1897187] [NEW] Unable to ptrace(PTRACE_TRACEME) without sudo

Gabriel Burca 1897187 at bugs.launchpad.net
Thu Sep 24 22:44:07 UTC 2020 

Public bug reported:

The call to ptrace(PTRACE_TRACEME) fails in gdbserver in spite of
ptrace_scope being 0. As a result gdbserver hangs and is impossible to
use. When run with sudo it works fine. This seems to be a kernel bug.

# which gdbserver
/usr/bin/gdbserver

# cat /proc/sys/kernel/yama/ptrace_scope
0

# gdbserver :9091 /bin/true
<no output>

# sudo gdbserver :9091 /bin/true
Process /bin/true created; pid = 31071
Listening on port 9091

# strace -f gdbserver :9091 /bin/true
...
ptrace(PTRACE_TRACEME)      = -1 EPERM (Operation not permitted)
...

# getcap /usr/bin/gdbserver
<no output>

Adding "setcap cap_sys_ptrace=+eip" to gdbserver doesn't change
anything.

Further details:

# lsb_release -rd
Description:    Ubuntu 18.04.5 LTS
Release:        18.04

# apt-cache policy linux-generic
linux-generic:
  Installed: 4.15.0.118.105
  Candidate: 4.15.0.118.105
  Version table:
 *** 4.15.0.118.105 500
        500 http://aptrepo/ubuntu bionic-updates/main amd64 Packages
        500 http://aptrepo/ubuntu bionic-security/main amd64 Packages
        100 /var/lib/dpkg/status
     4.15.0.20.23 500
        500 http://aptrepo/ubuntu bionic/main amd64 Package

** Affects: gdb (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gdb in Ubuntu.
https://bugs.launchpad.net/bugs/1897187

Title:
  Unable to ptrace(PTRACE_TRACEME) without sudo

Status in gdb package in Ubuntu:
  New

Bug description:
  The call to ptrace(PTRACE_TRACEME) fails in gdbserver in spite of
  ptrace_scope being 0. As a result gdbserver hangs and is impossible to
  use. When run with sudo it works fine. This seems to be a kernel bug.

  # which gdbserver
  /usr/bin/gdbserver

  # cat /proc/sys/kernel/yama/ptrace_scope
  0

  # gdbserver :9091 /bin/true
  <no output>

  # sudo gdbserver :9091 /bin/true
  Process /bin/true created; pid = 31071
  Listening on port 9091

  # strace -f gdbserver :9091 /bin/true
  ...
  ptrace(PTRACE_TRACEME)      = -1 EPERM (Operation not permitted)
  ...

  # getcap /usr/bin/gdbserver
  <no output>

  Adding "setcap cap_sys_ptrace=+eip" to gdbserver doesn't change
  anything.

  Further details:

  # lsb_release -rd
  Description:    Ubuntu 18.04.5 LTS
  Release:        18.04

  # apt-cache policy linux-generic
  linux-generic:
    Installed: 4.15.0.118.105
    Candidate: 4.15.0.118.105
    Version table:
   *** 4.15.0.118.105 500
          500 http://aptrepo/ubuntu bionic-updates/main amd64 Packages
          500 http://aptrepo/ubuntu bionic-security/main amd64 Packages
          100 /var/lib/dpkg/status
       4.15.0.20.23 500
          500 http://aptrepo/ubuntu bionic/main amd64 Package

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdb/+bug/1897187/+subscriptions

More information about the foundations-bugs mailing list