Seth, thank you kindly for your prompt and clear answer. I modified server.c and confirm that gdb can now attach to the child process. Although prctl(PR_SET_DUMPABLE, 1) has no effect (and returns 0!) when called before resetting privileges, it works after the gid has been reset to the debugging process's gid.
I see where it's documented now. PR_SET_DUMPABLE is not mentioned in /etc/sysctl.d/10-ptrace.conf, but ptrace_scope in procfs(5) refers us to ptrace(2), which says, under PTRACE_ATTACH, "Processes that are not dumpable ... can not be attached via ptrace(2) PTRACE_ATTACH." The elided text refers to prctl(2), wherein the description of PR_SET_DUMPABLE describes how processes come to have their dumpable flag reset to 0. It's all there if you know where to look. Yet that's a bit thin, isn't it? I missed it, and my question on SO failed to elicit any pointer to PR_SET_DUMPABLE. IMO the gdb message in response to failing to attach is too wordy and basic. The focus on ptrace is almost misdirection, insofar as PTRACE_ATTACH is controlled by the union of ptrace_scope and the dumpable flag. I'm not sure what to suggest. A note in the gdb man page would be good. Maybe best would a file in /usr/share/doc/linux-doc describing debugging, dumpability, and ptrace from a programmer's point of view. ISTM one shouldn't have to understand the ptrace(2) syscall to use gdb on running processes. Thanks again for your help. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860822 Title: ptrace fails with yama/ptrace_scope=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1860822/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
