useful Yama EPERM error message missing (regression)

Bug #1317136 reported by Kees Cook on 2014-05-07
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gdb (Ubuntu)
Undecided
Marc Deslauriers
Trusty
Undecided
Unassigned
Utopic
Undecided
Marc Deslauriers
ltrace (Ubuntu)
Undecided
Marc Deslauriers
Trusty
Undecided
Unassigned
Utopic
Undecided
Marc Deslauriers

Bug Description

SRU:

[Impact]
ltrace and gdb users may be stumped by the ptrace restrictions that are enabled by default in Ubuntu. Unfortunately, the patches that print a detailed informative error message in previous Ubuntu releases no longer work or haven't been applied in Trusty.

[Test Case]

$ ltrace -p 1 should display the following:
Cannot attach to pid 1: Operation not permitted
Could not attach to process. If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf

$ gdb -p 1 should display a similar error message

[Regression Potential]
This patch is in the error condition, so regression is unlikely. Worst case, it could prevent ltrace or gdb from working at all.

Original description:
Trusty's gdb and ltrace have lost the helpful error details when ptrace attach fails. Compare to strace:

$ strace -p 1
strace: attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
Could not attach to process. If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf

$ gdb -p 1
GNU gdb (Ubuntu 7.7-0ubuntu3) 7.7
...
Attaching to process 1
ptrace: Operation not permitted.

$ ltrace -p 1
Cannot attach to pid 1: Operation not permitted

In Precise ltrace has the correct error (though gdb is still missing it -- this was lost quite some time ago it seems):

$ ltrace -p 1
Could not attach to process. If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf
Cannot attach to pid 1: Operation not permitted

Changed in ltrace (Ubuntu Trusty):
status: New → Confirmed
Changed in ltrace (Ubuntu Utopic):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in gdb (Ubuntu Trusty):
status: New → Confirmed
Changed in gdb (Ubuntu Utopic):
status: New → Confirmed
Changed in gdb (Ubuntu Utopic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ltrace - 0.7.3-4ubuntu6

---------------
ltrace (0.7.3-4ubuntu6) utopic; urgency=medium

  * debian/ptrace.diff: updated to restore PTRACE scope sysctl warning
    (LP: #1317136)
 -- Marc Deslauriers <email address hidden> Wed, 07 May 2014 15:32:12 -0400

Changed in ltrace (Ubuntu Utopic):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gdb - 7.7-0ubuntu4

---------------
gdb (7.7-0ubuntu4) utopic; urgency=medium

  * re-enable patch that got disabled at some point (LP: #1317136)
    - ptrace-error-verbosity.patch: Try to make the PTRACE scope sysctl
      more discoverable via a verbose error message when failures happen.
 -- Marc Deslauriers <email address hidden> Wed, 07 May 2014 15:46:53 -0400

Changed in gdb (Ubuntu Utopic):
status: Confirmed → Fix Released
description: updated
Changed in gdb (Ubuntu Trusty):
status: Confirmed → In Progress
Changed in ltrace (Ubuntu Trusty):
status: Confirmed → In Progress

Hello Kees, or anyone else affected,

Accepted ltrace into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/ltrace/0.7.3-4ubuntu5.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in ltrace (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed
Brian Murray (brian-murray) wrote :

Hello Kees, or anyone else affected,

Accepted gdb into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/gdb/7.7-0ubuntu3.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gdb (Ubuntu Trusty):
status: In Progress → Fix Committed
Bartosz Kosiorek (gang65) wrote :

After install gdb and ltrace from proposed it is work perfectly for me.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ltrace - 0.7.3-4ubuntu5.1

---------------
ltrace (0.7.3-4ubuntu5.1) trusty; urgency=medium

  * debian/ptrace.diff: updated to restore PTRACE scope sysctl warning
    (LP: #1317136)
 -- Marc Deslauriers <email address hidden> Wed, 07 May 2014 15:04:45 -0400

Changed in ltrace (Ubuntu Trusty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for ltrace has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gdb - 7.7-0ubuntu3.1

---------------
gdb (7.7-0ubuntu3.1) trusty; urgency=medium

  * re-enable patch that got disabled at some point (LP: #1317136)
    - ptrace-error-verbosity.patch: Try to make the PTRACE scope sysctl
      more discoverable via a verbose error message when failures happen.
 -- Marc Deslauriers <email address hidden> Wed, 07 May 2014 15:44:23 -0400

Changed in gdb (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers