The sysctl settings (writable only with CAP_SYS_PTRACE) are:
0 - classic ptrace permissions: a process can PTRACE_ATTACH to any other
process running under the same uid, as long as it is dumpable (i.e.
did not transition uids, start privileged, or have called
prctl(PR_SET_DUMPABLE...) already). Similarly, PTRACE_TRACEME is
unchanged.
1 - restricted ptrace: a process must have a predefined relationship
with the inferior it wants to call PTRACE_ATTACH on. By default,
this relationship is that of only its descendants when the above
classic criteria is also met. To change the relationship, an
inferior can call prctl(PR_SET_PTRACER, debugger, ...) to declare
an allowed debugger PID to call PTRACE_ATTACH on the inferior.
Using PTRACE_TRACEME is unchanged.
2 - admin-only attach: only processes with CAP_SYS_PTRACE may use ptrace
with PTRACE_ATTACH, or through children calling PTRACE_TRACEME.
3 - no attach: no processes may use ptrace with PTRACE_ATTACH nor via
PTRACE_TRACEME. Once set, this sysctl value cannot be changed.
78
您可以使用 gdb -p PID 附加到正在运行的进程 .
3
是 . 你可以做:
gdb program_name program_pid
一个快捷方式是(假设只运行一个实例):
gdb program_name `pidof program_name`
2
要使用的命令是 gdb attach pid ,其中pid是要附加到的进程的进程ID .
22
是的你可以 . 假设进程 foo 正在运行...
ps -elf | grep foo
look for the PID number
gdb -a {PID number}
7 回答
是 . 使用
attach
命令 . 有关更多信息,请查看this link . 在GDB控制台上键入help attach
可提供以下信息:注意:由于improved security in the Linux kernel,您可能无法附加到进程 - 例如,将一个shell的子项附加到另一个shell的子项 .
您可能需要根据您的要求设置
/proc/sys/kernel/yama/ptrace_scope
. 现在许多系统默认为1
或更高 .您可以使用
gdb -p PID
附加到正在运行的进程 .是 . 你可以做:
一个快捷方式是(假设只运行一个实例):
要使用的命令是 gdb attach pid ,其中pid是要附加到的进程的进程ID .
是的你可以 . 假设进程
foo
正在运行...ps -elf似乎没有显示PID . 我推荐使用:
如果想要附加进程,则此进程必须具有相同的所有者 . 根可以附加到任何进程 .