wsl1 gdb failure

[152334H]

TLDR

wsl1 needs sudo for gdb; using pwntools with sudo will cause wsl detection to fail. Options include:

• ignoring this. Perhaps sudo should have its PATH corrected, and this is a user/wsl issue
• adding sudo to the arguments passed here (security horror)
• some mechanism to specifically launch only GDB as sudo

Update Pwntools First

This is a report about the latest pwntools stable release, 4.3.0, in relation to this older PR. This Issue Report is mostly smokescreen to ask why & how that PR fails to work on my machine.

Debug Output

from pwn import *
print(pwnlib.__version__)
r = process('/bin/cat')
gdb.attach(r)

produces this output:

4.3.0
[x] Starting local process '/bin/cat'
[+] Starting local process '/bin/cat': pid 779
[*] running in new terminal: /usr/bin/gdb -q  "/bin/cat" 779
[x] Waiting for debugger
[-] Waiting for debugger: debugger exited! (maybe check /proc/sys/kernel/yama/ptrace_scope)

with this window:

GEF for linux ready, type `gef' to start, `gef config' to configure
77 commands loaded for GDB 7.12.0.20161007-git using Python engine 3.5
[*] 3 commands could not be loaded, run `gef missing` to know why.
Reading symbols from /bin/cat...(no debugging symbols found)...done.
Attaching to program: /bin/cat, process 779
ptrace: Operation not permitted.
/mnt/c/Users/A/779: No such file or directory.
gef➤

If the python script is ran with sudo, this happens:

[*] running in new terminal: /usr/bin/gdb -q  "/bin/cat" 821
[ERROR] Could not find a terminal binary to use. Set context.terminal to your terminal.
Traceback (most recent call last):
  File "<stdin>", line 3, in <module>
  File "/usr/local/lib/python3.8/site-packages/pwnlib/context/__init__.py", line 1449, in setter
    return function(*a, **kw)
  File "/usr/local/lib/python3.8/site-packages/pwnlib/gdb.py", line 791, in attach
    gdb_pid = misc.run_in_new_terminal(cmd)
  File "/usr/local/lib/python3.8/site-packages/pwnlib/util/misc.py", line 244, in run_in_new_terminal
    log.error('Could not find a terminal binary to use. Set context.terminal to your terminal.')
  File "/usr/local/lib/python3.8/site-packages/pwnlib/log.py", line 424, in error
    raise PwnlibException(message % args)
pwnlib.exception.PwnlibException: Could not find a terminal binary to use. Set context.terminal to your terminal.

Cause of issue

running gdb without sudo on this version of wsl will prevent ptrace from attaching. Running python with sudo will lead to the if-statement here failing, because sudo doesn't inherit PATH from the main user, and consequently fails the which(cmd.exe) check.

$ sudo bash -c 'echo $PATH'
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
$ bash -c 'echo $PATH'
/home/a/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:...:/mnt/c/Windows/System32:...

Solutions

Prior to 4.3.0, I had this inside ~/.pwn.conf:

[context]
terminal=['cmd.exe', '/c', 'start', 'wsl.exe', '--', 'sudo', 'su', '-c']

This 'solved' the issue by giving every binary root privileges.

[Arusekk]

This can probably get solved easier after #1725. Also, why not disable YAMA? And does this work as intended if you replace r=process(...); gdb.attach(r) with r = gdb.debug(...)?

And why use M$ Windows NT as an exploitation environment in the first place? W has been getting more and more useless, pretty much since day one. Why don't you give another OS, say GNU/Linux a try? It is free of charge, safer, mature (just works™), has a sane community, if there is anything you don't like, you can just change it, you can even use Wine for running NT games/apps that happen to be misdesigned and work officially only on NT.

Pwntools will probably not support NT and/or WSL officially in any near future, but I am here to do my best anyway :)

[152334H]

This can probably get solved easier after #1725. Also, why not disable YAMA?

Didn't know about that! Whoops. It was set to 1 apparently.

If YAMA is meant to be disabled with pwntools, then alright.

And does this work as intended if you replace r=process(...); gdb.attach(r) with r = gdb.debug(...)?

Yes it does (with YAMA too).

And why use M$ Windows NT as an exploitation environment in the first place? W has been getting more and more useless, pretty much since day one. Why don't you give another OS, say GNU/Linux a try?

I completely agree. I'm only using Windows out of sheer inertia.

Pwntools will probably not support NT and/or WSL officially in any near future, but I am here to do my best anyway :)

Thanks for the effort. I'm going to take the hint and just close off this