
Fix issues related with debugging #1323


Merged
merged 10 commits into from
Dec 29, 2019
4 changes: 4 additions & 0 deletions .travis.yml
Expand Up @@ -13,6 +13,9 @@ addons:
- zsh
- pandoc
- gdb
- gdbserver
- socat
- sshpass
- binutils
- qemu-user-static
- binutils-multiarch
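Review bot: the three new apt packages (gdbserver, socat, sshpass) land in the addons list with nothing recording which tests consume them, and the list already mixes general toolchain packages (binutils, qemu-user-static, pandoc) with debugging-only ones. A short comment next to the new entries, e.g. `# needed by the pwnlib.gdb doctests`, would tell the next maintainer what can be dropped if those tests change.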
Expand Down Expand Up @@ -45,6 +48,7 @@ before_script:
- PWNLIB_NOTERM=1 python -c 'from pwn import *; print(pwnlib.term.term_mode)'
- PWNLIB_NOTERM=1 python -c 'from pwn import *; print(pwnlib.term.term_mode)'
- PWNLIB_NOTERM=1 python -c 'from pwn import *; print(pwnlib.term.term_mode)'
- sudo sh -c "echo 0 > /proc/sys/kernel/yama/ptrace_scope"
Member

This shouldn't be necessary, as we do some prctl() in pwntools to mitigate this already

Contributor Author

That's necessary. prctl() only affects direct child process.
You can try this by yourself:

pwntools/pwnlib/gdb.py

Lines 587 to 597 in 0491972

from pwn import *  # import added so the excerpt runs stand-alone

# Start a forking server
server = process(['socat', 'tcp-listen:1234,fork,reuseaddr', 'exec:/bin/sh'])
# Connect to the server
io = remote('localhost', 1234)
# Connect the debugger to the server-spawned process
gdb.attach(io, '''
break exit
continue
''')

The attach should fail if ptrace_scope is not set to 0.
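To make the ancestry rule behind this comment concrete, here is an added example (not pwntools code and not from the thread) that models Yama's attach decision for the socat case above; the pid numbers and parent map are constructed, and the levels follow the kernel's Yama documentation.

```python
# Yama ptrace_scope levels, as documented in the kernel's admin-guide/LSM/Yama:
#   0: classic ptrace permissions (same uid is enough to attach)
#   1: restricted: only an ancestor may attach, unless the target itself opted
#      in via prctl(PR_SET_PTRACER, pid or PR_SET_PTRACER_ANY), or the tracer
#      holds CAP_SYS_PTRACE
#   2: admin-only: CAP_SYS_PTRACE is required
#   3: no attaching at all

def read_ptrace_scope(path="/proc/sys/kernel/yama/ptrace_scope"):
    """Return the live Yama level, or None on a kernel without Yama."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

def is_ancestor(ppid_of, tracer, target):
    """True if tracer is in target's parent chain; ppid_of maps pid -> parent pid."""
    pid, seen = target, set()
    while pid in ppid_of and pid not in seen:
        seen.add(pid)
        pid = ppid_of[pid]
        if pid == tracer:
            return True
    return False

def yama_allows_attach(scope, tracer_is_ancestor, target_opted_in, has_cap_sys_ptrace=False):
    """Model Yama's decision for one PTRACE_ATTACH; scope None means no Yama at all."""
    if scope is None or scope == 0:
        return True
    if scope == 1:
        return tracer_is_ancestor or target_opted_in or has_cap_sys_ptrace
    if scope == 2:
        return has_cap_sys_ptrace
    return False

# Constructed process tree for the socat case in the thread (pids are made up):
#   100 python script -> 200 socat listener (the prctl the thread mentions ran here)
#                     -> 201 /bin/sh forked by socat (never called prctl itself)
#   100 python script -> 300 gdb started by gdb.attach()
SOCAT_TREE = {200: 100, 201: 200, 300: 100}

def socat_child_attach_allowed(scope):
    """Can gdb (300) attach to the socat-spawned shell (201) under this scope?"""
    return yama_allows_attach(scope, is_ancestor(SOCAT_TREE, 300, 201), target_opted_in=False)

def direct_child_attach_allowed(scope):
    """Same question for the socat process (200), which did opt in via prctl."""
    return yama_allows_attach(scope, is_ancestor(SOCAT_TREE, 300, 200), target_opted_in=True)

if __name__ == "__main__":
    scope = read_ptrace_scope()
    print("ptrace_scope:", scope, "grandchild attach allowed:", socat_child_attach_allowed(scope))
```

At scope 1 the shell forked by socat is neither a descendant of gdb nor opted in, so only scope 0 (or CAP_SYS_PTRACE) lets the attach succeed, which is what the CI change above works around.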

Member

I see, the process is created by socat, not us. This is bad, because pwntools users won't be able to do this either without disabling Yama.

Contributor Author

I think most users won't use pwntools in this way, so it's okay to leave this problem here😃

script:
- PWNLIB_NOTERM=1 coverage run -m sphinx -b doctest docs/source docs/build/doctest
after_success:
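Review bot: `sudo sh -c "echo 0 > /proc/sys/kernel/yama/ptrace_scope"` relaxes Yama host-wide and will fail the build on an image whose kernel has no Yama, because the redirect errors out when the file is absent. Suggest guarding it, e.g. `if [ -e /proc/sys/kernel/yama/ptrace_scope ]; then sudo sh -c "echo 0 > /proc/sys/kernel/yama/ptrace_scope"; fi`, and adding a comment that records the reason established in the thread: the prctl pwntools runs only covers the process it spawns directly, not the shell socat forks in the gdb.attach doctest, so attaching to that shell needs scope 0.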
2 changes: 1 addition & 1 deletion examples/attach.py
Expand Up @@ -5,7 +5,7 @@
from pwn import *

bash = process('/bin/bash')
gdb.attach(bash, execute = '''
gdb.attach(bash, gdbscript = '''
p "hello from pwnlib"
c
''')
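Review bot: the only change here is the keyword rename `execute` -> `gdbscript`, and the same rename appears in examples/remote_gdb_debugging.py; it is worth grepping docs/ and the remaining examples for leftover `execute =` call sites in this PR so the examples do not drift out of sync with the signature they demonstrate.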
2 changes: 1 addition & 1 deletion examples/remote_gdb_debugging.py
Expand Up @@ -8,7 +8,7 @@
from pwn import *

s = ssh(getpass.getuser(), '127.0.0.1', port = 22, keyfile = "~/.ssh/id_rsa")
c = gdb.ssh_gdb(s, '/bin/sh', execute = '''
c = gdb.ssh_gdb(s, '/bin/sh', gdbscript = '''
p/x $pc
c''')
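Review bot: with `gdbscript` renamed here too, the two touched examples now lay out their gdb commands differently (`c` on its own line before the closing `'''` in examples/attach.py, `c'''` fused onto one line here). Putting `c` on its own line would make the examples read as a set and avoids a mis-edit when someone later adds a command after it.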
