Can gdb debug suid root programs?
Solution 1
You can only debug a setuid or setgid program if the debugger is running as root. The kernel won't let you call ptrace on a program running with extra privileges. If it did, you would be able to make the program execute anything, which would effectively mean you could e.g. run a root shell by calling a debugger on /bin/su.
If you run Gdb as root, you'll be able to run your program, but you'll only be observing its behavior when run by root.
If you need to debug the program when it's not started by root, start the program outside Gdb, make it pause in some fashion before getting to the troublesome part, and attach the process inside Gdb (at 1234 where 1234 is the process ID).
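One way to make the program "pause in some fashion" as Solution 1 describes, given as an added example that is not part of the original answer. The function names are hypothetical, and reading /proc/self/status assumes Linux.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Extract the TracerPid value from the text of /proc/<pid>/status.
 * Returns the tracer's PID, 0 if untraced, -1 if the field is missing. */
long parse_tracer_pid(const char *status)
{
    static const char key[] = "TracerPid:";
    const char *line = status;
    while (line && *line) {
        if (strncmp(line, key, sizeof key - 1) == 0)
            return strtol(line + sizeof key - 1, NULL, 10);
        line = strchr(line, '\n');   /* move to the start of the next line */
        if (line) line++;
    }
    return -1;
}

/* Read our own status file (Linux-specific) and report the tracer PID. */
long current_tracer_pid(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_tracer_pid(buf);
}

/* Print the IDs that differ between a normal run and a run under gdb,
 * then stop. Call this just before the code under investigation. */
void wait_for_debugger(void)
{
    fprintf(stderr, "pid=%ld ruid=%ld euid=%ld: attach now (gdb -p %ld)\n",
            (long)getpid(), (long)getuid(), (long)geteuid(), (long)getpid());
    raise(SIGSTOP);   /* stays stopped until a debugger or SIGCONT resumes it */
    fprintf(stderr, "resumed, TracerPid=%ld\n", current_tracer_pid());
}

int main(void)
{
    wait_for_debugger();
    /* ... the part of the program being debugged goes here ... */
    return 0;
}
```

When the binary is setuid root and started by a normal user, the printed euid is 0 while ruid is the caller's, and gdb has to run as root to attach to it.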
Solution 2
Here's a way to start the process in a stopped state if you will. Use a bash script doing:
echo $BASHPID; kill -STOP $BASHPID; exec sudo -u unpriviledged_user -g the_group_if_not_primary command
Make that run in the background.
Then start gdb, and attach to the pid that was printed.
You'll have to step through the exec command with gdb, but you'll be able to debug from the very beginning.
BDW
Updated on September 18, 2022
Comments
-
BDW over 1 year
I wrote a program that calls setuid(0) and execve("/bin/bash",NULL,NULL). Then I did
chown root:root a.out && chmod +s a.out
When I execute ./a.out I get a root shell. However when I do gdb a.out it starts the process as normal user, and launches a user shell.
So... can I debug a setuid root program?
-
BDW almost 13 years
Yes I tried that, but the process is started as root, and gdb should be started as root too to be able to attach root's process.
-
Gilles 'SO- stop being evil' almost 13 years
@jyzuz Yes, as I write you have to start gdb as root. Or if you want you can use remote debugging and run just gdbserver as root and connect to it as a normal user. From your comment it seems you didn't manage to do it the simple way (running gdb as root) but I don't understand what went wrong, so I can't help.