Add doc about fixing a ptrace error in debugger.

Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
author: dusoleil <howcansocksbereal@gmail.com> 2021-12-20 02:54:37 -0500
committer: dusoleil <howcansocksbereal@gmail.com> 2021-12-20 02:54:37 -0500
commit: 980b6fb8689e202198adef3c44e07eafe26fefca (patch)
tree: 7c0d7ff242bb540f4c4d08e77fefb7b3d4eceaae /docs
parent: 559520f56a2074f4daa3d6abf00a356f4ec6a144 (diff)
download: lib-des-gnux-980b6fb8689e202198adef3c44e07eafe26fefca.tar.gz
lib-des-gnux-980b6fb8689e202198adef3c44e07eafe26fefca.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/docs/re/ptrace_not_permitted.txt b/docs/re/ptrace_not_permitted.txt
new file mode 100644
index 0000000..07ca568
--- /dev/null
+++ b/docs/re/ptrace_not_permitted.txt
@@ -0,0 +1,22 @@
+If you are seeing errors from your debugger such as
+strace: (PTRACE_ATTACH): operation not permitted
+ptrace: operation not permitted
+ptrace_attach: operation not permitted
+etc.
+
+This is likely because of a linux kernel hardening setting.
+/proc/sys/kernel/yama/ptrace_scope
+This setting prevents a process from running ptrace on a non-child process.
+Even with this on, a can still ptrace another process if it is a child.
+Debuggers like gdb and radare2 use ptrace when you attach via PID.
+
+You can turn this off
+$ sudo su
+$ echo 0 > /proc/sys/kernel/yama/ptrace_scope
+
+Turning this off is global, though.
+Instead, set the capabilities of just your debugger to override this setting.
+
+$ sudo setcap CAP_SYS_PTRACE=+eip /usr/bin/gdb
+$ sudo setcap CAP_SYS_PTRACE=+eip /usr/bin/radare2
+
author	dusoleil <howcansocksbereal@gmail.com>	2021-12-20 02:54:37 -0500
committer	dusoleil <howcansocksbereal@gmail.com>	2021-12-20 02:54:37 -0500
commit	980b6fb8689e202198adef3c44e07eafe26fefca (patch)
tree	7c0d7ff242bb540f4c4d08e77fefb7b3d4eceaae /docs
parent	559520f56a2074f4daa3d6abf00a356f4ec6a144 (diff)
download	lib-des-gnux-980b6fb8689e202198adef3c44e07eafe26fefca.tar.gz lib-des-gnux-980b6fb8689e202198adef3c44e07eafe26fefca.zip