[padb] r399 committed - Fail better in the light of new kernel security features preventing...

Sun Oct 24 01:53:52 BST 2010

Revision: 399
Author: apittman at gmail.com
Date: Sat Oct 23 17:52:52 2010
Log: Fail better in the light of new kernel security features preventing
the use of ptrace on non-child processes.

It seems new kernels (Ubuntu 10.10 included) have a file  
/proc/sys/kernel/yama/ptrace_scope
which controls which processes can be ptraced, with this param at it's  
default
value programs can only ptrace their children which stops gdb from
attach to programs.  If we fail to attach ever then check if this file  
exists
and if it's value is non-zero then tell the user it's a likely cause of the  
problem.

http://code.google.com/p/padb/source/detail?r=399

Modified:
  /trunk/src/padb

=======================================

--- /trunk/src/padb	Sat Oct 23 17:35:27 2010
+++ /trunk/src/padb	Sat Oct 23 17:52:52 2010
@@ -3414,7 +3414,7 @@
      my $gdb = gdb_start();
      if ( not gdb_attach( $gdb, $job ) ) {
          if ( defined $gdb->{error} ) {
-            print "Failed to attach to process: $gdb->{error}\n";
+            print "$gdb->{error}\n";
          } else {
              print "Failed to attach to process\n";
          }
@@ -6040,6 +6040,14 @@
          my $r = gdb_parse_reason( $p{reason} );
          if ( defined $r->{msg} ) {
              $gdb->{error} = "Failed to attach to process: $r->{msg}";
+            my $yama_file = "/proc/sys/kernel/yama/ptrace_scope";
+            if ( -f $yama_file ) {
+                my $yama = slurp_file($yama_file);
+                if ( $yama != '0' ) {
+                    $gdb->{error} =
+"Failed to attach to process: $r->{msg} (try echo 0 > $yama_file)";
+                }
+            }
          } else {
              $gdb->{error} = 'Failed to attach to process';
          }
@@ -6111,6 +6119,15 @@
          my $r = gdb_parse_reason( $p{reason} );
          if ( defined $r->{msg} ) {
              $gdb->{error} = "Failed to attach to process: $r->{msg}";
+            my $yama_file = "/proc/sys/kernel/yama/ptrace_scope";
+            if ( -f $yama_file ) {
+                my $yama = slurp_file($yama_file);
+                if ( $yama != '0' ) {
+                    $gdb->{error} =
+"Failed to attach to process!: $r->{msg} (try echo 0 > $yama_file)";
+                }
+            }
+
          } else {
              $gdb->{error} = 'Failed to attach to process';
          }


