warning: Error disabling address space randomization: Operation not permitted

What have I done wrong (or not done) that gdb is not working properly for me?

root@6be3d60ab7c6:/# cat minimal.c
int main()
{
int i = 1337;
return 0;
}
root@6be3d60ab7c6:/# gcc -g minimal.c -o minimal
root@6be3d60ab7c6:/# gdb minimal
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
.
.
.
Reading symbols from minimal...done.
(gdb) break main
Breakpoint 1 at 0x4004f1: file minimal.c, line 3.
(gdb) run
Starting program: /minimal
warning: Error disabling address space randomization: Operation not permitted
During startup program exited normally.
(gdb)
(gdb) print i
No symbol "i" in current context.
43627 views

For whatever reason, your user account doesn't have permission to disable the kernel's address space layout randomisation for this process. By default, gdb turns this off because it makes some sorts of debugging easier (in particular, it means the address of stack objects will be the same each time you run your program). Read more here.

You can work around this problem by disabling this feature of gdb with set disable-randomization off.

As for getting your user the permission needed to disable ASLR, it probably boils down to having write permission to /proc/sys/kernel/randomize_va_space. Read more here.

If you're using Docker, you probably need the --security-opt seccomp=unconfined option (as well as enabling ptrace):

docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined

Building on wisbucky's answer (thank you!), here are the same settings for Docker compose:

security_opt:
- seccomp:unconfined
cap_add:
- SYS_PTRACE

The security option seccomp:unconfined fixed the address space randomization warnings.

The capability SYS_PTRACE didn't seem to have a noticeable effect even though the Docker documentation states that SYS_PTRACE is a capability that is "not granted by default". Perhaps I don't know what to look for.
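
An added example, not part of the original question or answers: gdb disables randomization for the debuggee by calling personality(2) with ADDR_NO_RANDOMIZE, and the C probe below makes the same call in a forked child to show whether the current container allows it. The function names probe_disable_aslr and verdict are hypothetical, chosen for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/personality.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Try, in a forked child, the personality(2) change that gdb makes before
 * starting the debuggee. Returns 0 if allowed, the child's errno if refused,
 * or -1 if the probe itself could not run. The caller's persona is untouched. */
int probe_disable_aslr(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int cur = personality(0xffffffff);          /* query only, no change */
        if (cur == -1)
            _exit(errno & 0xff);
        if (personality((unsigned long)cur | ADDR_NO_RANDOMIZE) == -1)
            _exit(errno & 0xff);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;                                  /* e.g. killed by a filter */
    return WEXITSTATUS(status);
}

/* Map the probe result to what it means for gdb in this environment. */
const char *verdict(int rc)
{
    if (rc == 0)
        return "allowed: gdb can disable ASLR for the debuggee";
    if (rc == EPERM)
        return "blocked (EPERM): expect gdb's 'Operation not permitted' warning";
    return "inconclusive: probe failed for another reason";
}

int main(void)
{
    int rc = probe_disable_aslr();
    printf("personality(ADDR_NO_RANDOMIZE): %s\n", verdict(rc));
    if (rc > 0)
        printf("errno from child: %s\n", strerror(rc));
    return rc == 0 ? 0 : 1;
}
```

Running it in the container with and without the seccomp option shows which setting the warning depends on, without starting gdb.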