Can gdb debug suid root programs?


Solution 1

You can only debug a setuid or setgid program if the debugger is running as root. The kernel won't let you call ptrace on a program running with extra privileges. If it did, you would be able to make the program execute anything, which would effectively mean you could e.g. run a root shell by calling a debugger on /bin/su.

If you run Gdb as root, you'll be able to run your program, but you'll only be observing its behavior when run by root.

If you need to debug the program when it's not started by root, start the program outside Gdb, make it pause in some fashion before getting to the troublesome part, and attach the process inside Gdb (at 1234 where 1234 is the process ID).

Solution 2

Here's a way to start the process in a stopped state if you will. Use a bash script doing:

    echo $BASHPID                    # print the PID gdb should attach to
    kill -STOP $BASHPID              # stop here until gdb attaches and continues us
    exec sudo -u unprivileged_user -g the_group_if_not_primary command   # same PID after exec

Make that run in the background.

Then start gdb, and attach to the pid that was printed.

You'll have to step through the exec command with gdb, but you'll be able to debug from the very beginning.
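Both answers come down to the same trick: get the target into a stopped state under its own PID, attach the debugger to that PID, then let it continue. The script below is an added example (not code from either answer) that runs the trick end to end without a debugger, so it can be tried unprivileged: for portability the child is an `sh -c` process that stops itself with `$$` (its own PID) instead of bash's `$BASHPID`, the `sudo` privilege-drop step is omitted, and the commands launched are constructed placeholders. Where the demo prints "attach here" is the point at which `gdb -p $LAUNCHED_PID` (run as the user who owns the process, or as root for a setuid target) would be attached; `resume_and_wait` stands in for gdb's `continue`.

```shell
#!/bin/sh
# Added example (not code from either answer): start a command in a stopped
# state so a debugger can attach before its first instruction, then resume it.
# The child uses `sh -c` with `$$` (its own PID) rather than bash's $BASHPID,
# and the sudo step from the answer is left out so this runs unprivileged.
# The commands launched below are constructed placeholders.

# launch_stopped CMD [ARGS...]: run CMD in the background, stopped before it
# starts. Sets LAUNCHED_PID to the PID a debugger should attach to; the PID is
# preserved across exec, so an attached debugger follows into CMD.
launch_stopped() {
    sh -c 'kill -STOP $$; exec "$@"' launcher "$@" &
    LAUNCHED_PID=$!
}

# proc_state PID: one-letter process state (T = stopped), from /proc or ps.
proc_state() {
    if [ -r "/proc/$1/stat" ]; then
        # The state letter follows the ") " that closes the command name.
        sed 's/^.*) //; s/ .*$//' "/proc/$1/stat"
    else
        ps -o stat= -p "$1" 2>/dev/null | cut -c1
    fi
}

# wait_stopped PID: poll until the process reports state T (up to ~5 s).
wait_stopped() {
    i=0
    while [ "$i" -lt 50 ]; do
        if [ "$(proc_state "$1")" = "T" ]; then
            return 0
        fi
        i=$((i + 1))
        sleep 0.1
    done
    return 1
}

# resume_and_wait PID: stands in for gdb's `continue` after attaching; sends
# SIGCONT and returns the command's exit status.
resume_and_wait() {
    kill -CONT "$1"
    wait "$1"
}

# Stand-alone demo: the "attach here" line is where `gdb -p $LAUNCHED_PID`
# would be run before resuming.
launch_stopped sh -c 'echo "target running as PID $$"'
wait_stopped "$LAUNCHED_PID" && echo "stopped; attach here: gdb -p $LAUNCHED_PID"
resume_and_wait "$LAUNCHED_PID"
```

Because the stop happens before `exec`, the debugger sees the target from its very first instruction, which is what the second answer means by "debug from the very beginning"; the cost, as it notes, is stepping through the `exec` itself.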


Author: BDW

Updated on September 18, 2022

Comments

  • BDW
    BDW over 1 year

    I wrote a program that calls setuid(0) and execve("/bin/bash",NULL,NULL).

    Then I did chown root:root a.out && chmod +s a.out

    When I execute ./a.out I get a root shell. However when I do gdb a.out it starts the process as normal user, and launches a user shell.

    So... can I debug a setuid root program?

  • BDW
    BDW almost 13 years
    Yes I tried that, but the process is started as root, and gdb should be started as root too to be able to attach root's process.
  • Gilles 'SO- stop being evil'
    Gilles 'SO- stop being evil' almost 13 years
    @jyzuz Yes, as I write you have to start gdb as root. Or if you want you can use remote debugging and run just gdbserver as root and connect to it as a normal user. From your comment it seems you didn't manage to do it the simple way (running gdb as root) but I don't understand what went wrong, so I can't help.