109

What have I done wrong (or didn't do) that gdb is not working properly for me?

root@6be3d60ab7c6:/# cat minimal.c 
int main()
{
  int i = 1337;
  return 0;
}
root@6be3d60ab7c6:/# gcc -g minimal.c -o minimal
root@6be3d60ab7c6:/# gdb minimal
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
.
.
.
Reading symbols from minimal...done.
(gdb) break main
Breakpoint 1 at 0x4004f1: file minimal.c, line 3.
(gdb) run
Starting program: /minimal 
warning: Error disabling address space randomization: Operation not permitted
During startup program exited normally.
(gdb) 
(gdb) print i   
No symbol "i" in current context.
3
  • 53
    When running within a docker container, I got this error until I added --security-opt seccomp=unconfined to the docker run. Commented Jun 7, 2016 at 4:28
  • @CameronTaggart thanks for the tip! You made my day. Commented Jul 7, 2016 at 16:04
  • @CameronTaggart it works good for me, but security problem comes Commented Sep 3, 2016 at 6:04

3 Answers

194

If you're using Docker, you probably need the --security-opt seccomp=unconfined option (as well as enabling ptrace):

docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined

5 Comments

Thanks for this - I've no idea how much time I'd've lost learning this the hard way!
I think --cap-add=SYS_PTRACE is only needed when attaching gdb to an already running process.
Could you provide the security issues using these options might involve ?
Is there a way to apply this command to an already running instance? Because I don't want to remove this instance and start a new one
Hmm. Doesn't work for me. I get warning: Could not trace the inferior process. warning: ptrace: Permission denied What I'm doing is docker create --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -it blah followed by docker start -i blah ... seems this should have worked!?
23

For whatever reason, your user account doesn't have permission to disable the kernel's address space layout randomisation for this process. By default, gdb turns this off because it makes some sorts of debugging easier (in particular, it means the address of stack objects will be the same each time you run your program). Read more here.

You can work around this problem by disabling this feature of gdb with set disable-randomization off.

As for getting your user the permission needed to disable ASLR, it probably boils down to having write permission to /proc/sys/kernel/randomize_va_space. Read more here.


19

Building on wisbucky's answer (thank you!), here are the same settings for Docker compose:

security_opt:
  - seccomp:unconfined
cap_add:
  - SYS_PTRACE

The security option seccomp:unconfined fixed the address space randomization warnings.

The capability SYS_PTRACE didn't seem to have a noticeable effect even though the Docker documentation states that SYS_PTRACE is a capability that is "not granted by default". Perhaps I don't know what to look for.

1 Comment

You have a typo, it is unconfined not unconfirmed
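
An added example, not part of any answer above: gdb disables randomization for the program it starts by calling personality() with ADDR_NO_RANDOMIZE, and Docker's default seccomp profile only permits a fixed set of personality() values that does not include that flag. This probe makes the same request from inside the container and reports whether a seccomp filter is the likely cause of the EPERM; the function names are hypothetical, and it assumes Linux with glibc and /proc mounted.

```c
/* Added example (assumes Linux, glibc, /proc mounted; names are illustrative). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/personality.h>
enum diag { DIAG_OK, DIAG_SECCOMP_FILTER, DIAG_OTHER_DENIAL };

/* Request ADDR_NO_RANDOMIZE the way gdb does; return 0 or the errno. */
int try_disable_aslr(void)
{
    int cur = personality(0xffffffff);      /* query only, changes nothing */
    if (cur == -1)
        return errno;
    if (personality((unsigned long)cur | ADDR_NO_RANDOMIZE) == -1)
        return errno;
    personality((unsigned long)cur);        /* restore the original persona */
    return 0;
}

/* Seccomp mode from /proc/self/status: 0 off, 1 strict, 2 filter, -1 unknown. */
int seccomp_mode(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int mode = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "Seccomp: %d", &mode) == 1)
            break;
    fclose(f);
    return mode;
}

/* EPERM while a seccomp filter is active points at the container profile. */
enum diag diagnose(int err, int mode)
{
    if (err == 0) return DIAG_OK;
    if (err == EPERM && mode == 2) return DIAG_SECCOMP_FILTER;
    return DIAG_OTHER_DENIAL;
}

int main(void)
{
    int err = try_disable_aslr(), mode = seccomp_mode();
    enum diag d = diagnose(err, mode);
    if (d == DIAG_OK) puts("ADDR_NO_RANDOMIZE allowed: gdb can disable ASLR here");
    else if (d == DIAG_SECCOMP_FILTER) puts("EPERM under a seccomp filter: profile rejects this personality() value");
    else printf("personality() failed: %s (seccomp mode %d)\n", strerror(err), mode);
    return err != 0;
}
```

If the probe reports the seccomp case, set disable-randomization off from the second answer avoids the call entirely without loosening the container's profile.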
