From owner-freebsd-questions@freebsd.org Wed Aug 12 14:59:38 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4992C3A3318 for ; Wed, 12 Aug 2020 14:59:38 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.135]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BRXt11s4Vz422n for ; Wed, 12 Aug 2020 14:59:36 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([188.102.103.50]) by mrelayeu.kundenserver.de (mreue010 [212.227.15.167]) with ESMTPA (Nemesis) id 1M2Nm2-1k7XBa45wE-003uZh; Wed, 12 Aug 2020 16:59:33 +0200 Date: Wed, 12 Aug 2020 16:59:31 +0200 From: Polytropon To: "Ronald F. Guilmette" Cc: Yasuhiro KIMURA , freebsd-questions@freebsd.org Subject: Re: GDB no workie? Permission problem? Message-Id: <20200812165931.702fd7ea.freebsd@edvax.de> In-Reply-To: <69681.1597214227@segfault.tristatelogic.com> References: <20200811.022654.1924978480022516137.yasu@utahime.org> <69681.1597214227@segfault.tristatelogic.com> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:orxc4i5Ml4/wk6A7yVT09exxadNFAFa8YhFhlVLkUmYqzjJZ/kP VN3kVkDmwbxVdigdkISBDw4Bi1/SdJhhgoAvoglqsB0VcJBoJsfzqDLHZrnOFIOjGWoIbXM 3eqoZuKIOJ82bnAXN2GBSoChAt4RDVo8ZEjuSKwNtzloRkq4bVC35ZMwEJGInk/npiUsaB1 O4wWf6XzvOJDYDK7VRr/A== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:5Lp6YvLcwDA=:HUJWafKEeBjTE5oePBg+aF LzsGlkR06u9LuuDpu6oB3i/4lVDkCgIMTLUrMRMBljHRujzqP2ifteCVdnMrbhncwbNXAkiVL 1OywGjCQLOKCS7QrlbpN1mlqC26qZSOBUgFGT+uyp20wB4ilkkEyfUoC/gM/Uykj/sPQV81X7 k2EWsjgv1OsNbE6NHnMmU6gHRo8iakMH33lpy71vEksYh5PXpCSi5QlReDOjqwgcj1u2hG+AM 6CtBQZp2WaW6fMoBI0HSkLpn28dAgyG84RZXW54pg729UZffRUuz+VCjffoiyl5lskKsD04nB qNji++gJTy9Bs07/drJVSpVA8FA6+SUTV/GnbR7IXjodoK+BVspSOUI1J3YkdY/gt0N4SFL2U TftaMJV3L8B5tRBacMWn3Ar6cDL7XMNeyHEUWnRHwZiODkaCswugo4SZfM4rsq8SHwdoTRz6G YLCSRlqZ5ceg6Q93DFZ6kAtrA/bXlMta1B6+fUAv/SSEaaNW79CWkWPdHv3sJBfyHSiZ3wQxQ 6L3w/iFIITtDFTjuRGBU+vZMhDd0PEb2igHI+Nnbf9aUDzbhryLYPdwCTxDZU1lorBFB/4Hmp j+dOfu7KTWV+/Z2Z1k/TcJ3JT+q+cpAk97UppU2w74RfWwGO8ES9i+VbPWfcMNV0tInQVko2y NMqcxRyF6xdGbaEMXKZBNbeMuD7RVecDnq/T4VpVDbjJJoTx77HQIvr4Jro8Sd7Q0fw/vvygM fJ1yoEkCe2ADo+VU+x+0oQloynQtlr3uxhiHNOvmjqIuE3ODa+eCmSd8aAq+Sxr/AQxQgXlu4 dnrrRpG3Bj+iX834ZLNo1CHTwyKXXWBM1uhTID0nNxLzZKB+ca4t1fDt8AuY6V5Enl/Z87y X-Rspamd-Queue-Id: 4BRXt11s4Vz422n X-Spamd-Bar: +++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@edvax.de has no SPF policy when checking 212.227.126.135) smtp.mailfrom=freebsd@edvax.de X-Spamd-Result: default: False [3.11 / 15.00]; HAS_REPLYTO(0.00)[freebsd@edvax.de]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; HAS_ORG_HEADER(0.00)[]; NEURAL_HAM_SHORT(-0.34)[-0.338]; RECEIVED_SPAMHAUS_PBL(0.00)[188.102.103.50:received]; RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; SUBJECT_ENDS_QUESTION(1.00)[]; ARC_NA(0.00)[]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_MEDIUM(-0.58)[-0.579]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[edvax.de]; AUTH_NA(1.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(0.63)[0.632]; MID_CONTAINS_FROM(1.00)[]; RCVD_IN_DNSWL_NONE(0.00)[212.227.126.135:from]; R_SPF_NA(0.00)[no SPF record]; RWL_MAILSPIKE_POSSIBLE(0.00)[212.227.126.135:from]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Aug 2020 14:59:38 -0000 On Tue, 11 Aug 2020 23:37:07 -0700, Ronald F. Guilmette wrote: > In message <20200811.022654.1924978480022516137.yasu@utahime.org>, you wrote: > > >From: "Ronald F. Guilmette" > >Subject: GDB no workie? Permission problem? > >Date: Mon, 10 Aug 2020 10:01:03 -0700 > > > >> I seem to vaguely recall some "security" options being presented > >> at system install time, and I do believe one of these had to do > >> with ptrace. So I guess that I must have made the Wrong Choice > >> with respect to that one. OK. Fine. Now how do I fix that misake > >> on my part, short of re-installing the whole bloody system? > > > >"System Hardening" stage of installation is handled by > >/usr/libexec/bsdinstall/hardening and it is shell script. So if you > >understand syntax of bourne shell you can undo your system hardening > >settings by reading it. > > Thank you. The code seems to suggets that I just need to edit a > file called $BSDINSTALL_TMPBOOT/loader.conf.hardening but I will be > damned if I can find any such on my system, anywhere in my root > partition. So I'm stumped. You need to edit the _Actual_ loader configuration file, which is /boot/loader.conf; also have a look at the sysctl control file, /etc/sysctl.conf, as mentioned in my previous message - which did only arrive at the list, but not in your mailbox, as your ISP seems to block 1&1, Germany's probably most important ISP. I wrote (on Mon, 10 Aug 2020 20:41:40 +0200): On Mon, 10 Aug 2020 10:01:03 -0700, Ronald F. Guilmette wrote: > Just ran gdb, which I haven't done for awhile, to find a small > bug in one of my own C programs. > > Set two breakpoints successfully and then tried to r(un) the > program to be debugged. (This was all being done under my > own personal non-priviliged account.) > > Immediately got something very unexpected: > > warning: Could not trace the inferior process. > Error: > warning: ptrace: Operation not permitted > During startup program exited with code 127. > > I su'd to root and tried again, and of course now it works. > > So, um, what the hay? What goes on here? > > I seem to vaguely recall some "security" options being presented > at system install time, and I do believe one of these had to do > with ptrace. So I guess that I must have made the Wrong Choice > with respect to that one. OK. Fine. Now how do I fix that misake > on my part, short of re-installing the whole bloody system? Yes, that seems to be the case here. At installation stage, certain options would have been set in the relevant configuraiton files, but there's noting requiring a re-installation - you can undo those changes with a simple text editor. :-) Check the following files: /boot/loader.conf /etc/sysctl.conf <--- probably this one /etc/rc.conf I'm sure you'll find something related to security restrictions, such as those: security.bsd.unprivileged_read_msgbuf=0 security.bsd.unprivileged_proc_debug=0 security.bsd.see_other_uids=0 As suggested by Yasuhiro Kimura, there are several settings that could have been applied. See the following file to find their names and settings: /usr/libexec/bsdinstall/hardening You can use sysctl interactively, or just edit the files and reboot the system so they take effect. * * * end quote * * * > To make matters even worse, the > output I get from "sysctl -a" doesn't even seem to list -any- > sysctl variable called "security.bsd.allow_destructive_dtrace", so > I am double stumped. Because it's not a DTrace problem - it's probably something else. Check % sysctl -a | grep security for all security-related variables; I'm sure you find one or two that deviate from the default setting. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...