
I want to debug an aarch64 ELF using GDB installed in an arm64v8/alpine Docker container on my x86_64 Ubuntu 16.04 VirtualBox VM, which itself runs on my Mac. In particular, to set up the container I use the instructions here. That is:

sudo docker run --rm --privileged multiarch/qemu-user-static --reset -p yes

sudo docker run --rm -it -v /directory_on_ubuntu:/directory_on_alpine arm64v8/alpine /bin/ash

I install GDB on the alpine container and get the PID of the ELF process using the `ps aux` command in alpine, then attach to it using `(gdb) attach PID`, at which point I receive a `ptrace: Function not implemented` warning.

I've read posts on `--cap-add=SYS_PTRACE` and seccomp tags, but shouldn't the `--privileged` tag in the first line take care of the security aspects of the Docker container? I also looked into the `/proc/sys/kernel/yama/ptrace_scope` file on both the container and my Ubuntu host and set the value to 0. It's also worth mentioning that I didn't find any `/etc/sysctl.d/10-ptrace.conf` file on the alpine container, while on the Ubuntu host the variable is `kernel.yama.ptrace_scope=0`.

But I feel ptrace not being implemented means there is a bigger issue, maybe with the way I set up the Docker container. Any help or workarounds for getting GDB to debug the binary is appreciated.

Newbie
  • If I could make it work I'd write an answer, but all I get is a SIGILL. So here's my comment: qemu-user is doing, in addition to CPU code emulation, ABI system call translation. It just doesn't provide ptrace. Don't search for another reason. Instead you can use qemu-user in gdbserver mode with its `-g` option. On it you can now connect a remote gdb-multiarch (no need to run it through qemu emulation itself). – A.B Dec 01 '20 at 19:37
  • @A.B Thank you for the comment. If I understand correctly you're saying multiarch/qemu-user-static containers don't have ptrace implemented? Also, while I've heard of gdb-multiarch and the target remote way of debugging using the `-g` flag in `qemu-aarch64` I'm really confused as is the server the host and the target the container? In other words, do I have to run gdb-multiarch on my Ubuntu machine while I run gdbserver on my alpine container? – Newbie Dec 01 '20 at 19:53
  • As long as you manage to establish a tcp connection (using proxying, iptables' dnat with or without the help of Docker or any other way) it's fair game. You could possibly even run gdb-multiarch on the Mac as long as it connects in the end. But my attempts crashed qemu-user apparently after the sleep when running this on /bin/sh -c ... with a sleep; echo test in a loop, so I can't tell it will be easy. – A.B Dec 01 '20 at 19:58
  • @A.B I'll give it a try. In the meanwhile this seems interesting: https://qemu-devel.nongnu.narkive.com/3OHTvVB6/regarding-ptrace-implementation-in-qemu-user-mode. It seems after all that `ptrace` isn't really implemented in `qemu`! – Newbie Dec 01 '20 at 20:00
  • here's a random example (most of the preparation isn't required, look at the end): https://reverseengineering.stackexchange.com/questions/8829/cross-debugging-for-arm-mips-elf-with-qemu-toolchain/8917#8917 – A.B Dec 01 '20 at 20:01
  • @A.B Thank you for the link. I've gone through that a 100 times, though at the time I didn't know that there's a `multiarch/qemu-user-static` arm64v8/alpine docker available to run `aarch64` binaries built via `musl`. – Newbie Dec 01 '20 at 20:03
  • That `ptrace` isn't implemented in `QEMU` user mode is confirmed here: http://people.redhat.com/pbonzini/qemu-test-doc/_build/html/topics/Linux-User-space-emulator.html – Newbie Dec 01 '20 at 20:13
  • @A.B For some reason I didn't find any qemu-user package on my Alpine Docker container. Any workarounds?! – Newbie Dec 02 '20 at 02:32
  • @A.B What if I run the binary on my alpine container and `gdbserver --attach IP:PORT binary_pid` and then try to connect to it on my Ubuntu using `gdb-multiarch binary` and then `(target remote IP:PORT)`? – Newbie Dec 02 '20 at 02:38
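The workflow the comments converge on (qemu-user's built-in gdb stub on the container side, gdb-multiarch on the host side), written out as an added example; this is not code from the question or from any of the commenters. It assumes the emulated program is `/directory_on_alpine/prog` inside the container and `/directory_on_ubuntu/prog` on the Ubuntu host (the same file through the `-v` bind mount from the question), that `gdb-multiarch` is installed on the Ubuntu host, and that TCP port 1234 is published from the container with `-p 1234:1234`. It relies on one documented qemu-user feature: the `QEMU_GDB=<port>` environment variable is equivalent to the `-g <port>` option, so the stub can be switched on even though no qemu binary is visible inside the arm64v8/alpine image (binfmt_misc runs the host's `qemu-aarch64-static` transparently). The `check` mode shows why `attach` cannot work: the process's `/proc/<pid>/exe` is the qemu interpreter, so any `ptrace` it receives is handled by qemu's syscall translation, which does not implement it.

```shell
#!/bin/sh
# Added example: debug an aarch64 binary running under qemu-user inside an
# arm64v8/alpine container with gdb-multiarch on the x86_64 host.
# All paths and the port below are assumptions for this example, not values
# from the question.

STUB_PORT="${STUB_PORT:-1234}"                                 # assumed port
CONTAINER_BIN="${CONTAINER_BIN:-/directory_on_alpine/prog}"    # assumed path
HOST_BIN="${HOST_BIN:-/directory_on_ubuntu/prog}"              # assumed path

# Return 0 if an executable path (e.g. what /proc/<pid>/exe resolves to) is a
# qemu-user interpreter. A process whose exe is qemu-<arch>[-static] is being
# emulated; ptrace issued against it from inside the emulation is translated
# by qemu, which returns ENOSYS ("Function not implemented").
exe_is_qemu_user() {
    case "${1##*/}" in
        qemu-system-*) return 1 ;;   # full-system emulator, not user mode
        qemu-*)        return 0 ;;   # qemu-aarch64, qemu-aarch64-static, ...
        *)             return 1 ;;
    esac
}

# Same check for a live PID (run inside the container, where ps shows it).
is_emulated_pid() {
    exe_is_qemu_user "$(readlink "/proc/$1/exe" 2>/dev/null)"
}

# Container side: start the target with the gdb stub enabled. qemu-user stops
# at the ELF entry point and waits for a gdb connection before running any
# guest instruction, so no "attach" is needed.
container_cmd() {
    printf 'QEMU_GDB=%s %s\n' "$STUB_PORT" "$CONTAINER_BIN"
}

# Host side: the native gdb-multiarch speaks the remote protocol to the stub
# and never needs ptrace on the target. The host copy of the ELF supplies
# symbols; the stub supplies registers and memory.
host_cmd() {
    printf "gdb-multiarch -q %s -ex 'set architecture aarch64' -ex 'target remote 127.0.0.1:%s'\n" \
        "$HOST_BIN" "$STUB_PORT"
}

# The docker run line from the question, plus the published stub port.
docker_cmd() {
    printf 'sudo docker run --rm -it -p %s:%s -v /directory_on_ubuntu:/directory_on_alpine arm64v8/alpine /bin/ash\n' \
        "$STUB_PORT" "$STUB_PORT"
}

case "${1:-}" in
    container)   # run inside the alpine container
        QEMU_GDB="$STUB_PORT" exec "$CONTAINER_BIN" ;;
    host)        # run on the Ubuntu host after the container side is waiting
        exec gdb-multiarch -q "$HOST_BIN" \
            -ex 'set architecture aarch64' \
            -ex "target remote 127.0.0.1:$STUB_PORT" ;;
    check)       # run inside the container: check <pid>
        if is_emulated_pid "$2"; then
            echo "PID $2 is emulated by $(readlink "/proc/$2/exe"): attach will fail, use the stub"
        else
            echo "PID $2 is a native process"
        fi ;;
    *)
        echo "usage: $0 container | host | check <pid>"
        echo "steps (host, then container, then host):"
        docker_cmd; container_cmd; host_cmd ;;
esac
```

Order matters: start the container with the port published, run the `container` step inside it (the program blocks until gdb connects), then run the `host` step on Ubuntu. If the ELF is dynamically linked against musl, add `-ex 'set sysroot /path/to/alpine/rootfs'` on the host side so gdb can find the shared objects the stub reports; for a static musl binary this is unnecessary. The stub has no concept of `attach` either, so an already-running process must be restarted under `QEMU_GDB`.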

0 Answers