GlowInTheDark
Posts: 1821
Joined: Sat Nov 09, 2019 12:14 pm

Can you attach to a running process with gdb in Ubuntu on Pi?

Mon Jun 21, 2021 6:19 pm

Note: I've never run Ubuntu on a Pi and I have no intention of doing so.

But I do run it on one of my X86 boxes, and have found something quite annoying. That is, if you try to attach to a running process with gdb, like this:

Code: Select all

$ gdb -p 12345
on a default-configured Ubuntu X86 system, you get a bunch of weird apologetic error messages telling you can't do it.

Now, I have not been able to find any text online saying what the problem actually is, but that's not surprising, given that it is "security" and no one likes to talk about it publicly. This is especially the case with Ubuntu, which has very MS-WIndows/Mac sensibilities about these sorts of things.

Note also: You can fix this via the following root command:

Code: Select all

# echo 0 > /proc/sys/kernel/yama/ptrace_scope
But my questions are:

1) Do the Pi versions of Ubuntu have this issue?
2) If it is important, why doesn't RPiOS have it?
3) If it isn't important, then why does Ubuntu (on X86, at least) have it?

Note that the "yama" directory alluded to above doesn't even exist on RPiOS.
Poster of inconvenient truths.

Linux zealot and proud of it.

User avatar
topguy
Posts: 7189
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: Can you attach to a running process with gdb in Ubuntu on Pi?

Wed Jun 23, 2021 8:51 am

Quite many very important servers on the internet runs Ubuntu.
And you should not run such servers on a Pi...
It may also be related to differences in CPU architecture.

For "what the problem actually is"...
https://wiki.ubuntu.com/SecurityTeam/Ro ... Protection

User avatar
jahboater
Posts: 7180
Joined: Wed Feb 04, 2015 6:38 pm
Location: Wonderful West Dorset

Re: Can you attach to a running process with gdb in Ubuntu on Pi?

Wed Jun 23, 2021 9:16 am

For interest, it (gdb -p) works on Raspberry Pi OS - as long as the process is yours.

GlowInTheDark
Posts: 1821
Joined: Sat Nov 09, 2019 12:14 pm

Re: Can you attach to a running process with gdb in Ubuntu on Pi?

Wed Jun 23, 2021 11:17 am

jahboater wrote:
Wed Jun 23, 2021 9:16 am
For interest, it (gdb -p) works on Raspberry Pi OS - as long as the process is yours.
Yes, of course it does. And the world is still round.

But the question is: If it is a security risk in Ubuntu (and, let's say, for the sake of discussion, that it is), then why isn't it a risk under RPiOS? (And, if it isn't a risk, then why is it blocked on Ubuntu).

I get it - these are hard questions, and probably beyond the scope of this sort of help forum. But they are nonetheless interesting questions.

Oh, and in Pi OS, your statement "as long as the process is yours" is incorrect. You can attach to any process as user "pi", just by saying please, er, I mean, sudo... Heh heh. Such is the state of security in RPiOS.

Anyway, interesting stuff...
Poster of inconvenient truths.

Linux zealot and proud of it.

User avatar
topguy
Posts: 7189
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: Can you attach to a running process with gdb in Ubuntu on Pi?

Wed Jun 23, 2021 12:16 pm

You can attach to any process as user "pi", just by saying please, er, I mean, sudo... Heh heh. Such is the state of security in RPiOS.
And that also works on Ubuntu...
I get it - these are hard questions, and probably beyond the scope of this sort of help forum.
Belitteling the forum and its members will hardly benefit you in the long run.

GlowInTheDark
Posts: 1821
Joined: Sat Nov 09, 2019 12:14 pm

Re: Can you attach to a running process with gdb in Ubuntu on Pi?

Wed Jun 23, 2021 1:10 pm

Belitteling the forum and its members will hardly benefit you in the long run.
You don't know that.

Anyway, I'm done with you.
Poster of inconvenient truths.

Linux zealot and proud of it.

User avatar
DougieLawson
Posts: 41437
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Can you attach to a running process with gdb in Ubuntu on Pi?

Wed Jun 23, 2021 4:03 pm

GlowInTheDark wrote:
Wed Jun 23, 2021 11:17 am

But the question is: If it is a security risk in Ubuntu (and, let's say, for the sake of discussion, that it is), then why isn't it a risk under RPiOS? (And, if it isn't a risk, then why is it blocked on Ubuntu).
You know that RPiOS has a weak security model, that was a deliberate choice by the RPF/RPTL folks to make it easier to use for novices coming to Linux from Windows.

If you want to know about Ubuntu things then go and post on the Ubuntu forums at https://ubuntuforums.org/ (and stop being bloody rude to long term members on here).
Any language using left-hand whitespace for syntax is ridiculous

Any DMs sent on Twitter will be answered next month.
Fake doctors - are all on my foes list.

Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

GlowInTheDark
Posts: 1821
Joined: Sat Nov 09, 2019 12:14 pm

Re: Can you attach to a running process with gdb in Ubuntu on Pi?

Wed Jun 23, 2021 4:11 pm

I AM posting on the Ubuntu forum.


Sheesh!!!!


Geez, for a second there, you had me worried. I thought maybe I'd messed up and posted on the RiscOS forum or something.

Oh, and I will when they do. They don't get a pass.
Poster of inconvenient truths.

Linux zealot and proud of it.

Return to “Ubuntu”