I'm trying to understand why gdb is able to debug a process even if it runs without capabilities.
My non-root user has the following configuration:
$ /sbin/capsh --print
Current: =
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read
Securebits: 00/0x0/1'b0
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
uid=1000(test)
gid=1000(test)
groups=1000(test)
GDB hasn't any capability activated
$ /sbin/getcap /usr/bin/gdb
$
But I'm able to debug a process, set a breakpoint and so on.
I thought gdb needed
cap_sys_ptrace
at least in order to work correcly, but seems I'm wrong. Can you explain me why I'm able to debug a process?
