After MacOS X 10.8, the GDB debugging tool installed will prompt error when used:
Unable to find Mach task port for process-id 28885: (os/kern) failure (0x5).
(please check gdb is codesigned - see taskgated(8))This is because the Darwin kernel will refuse to allow gdb to debug another process if you don’t have special rights, since debugging a process means having full control over that process, and that isn’t allowed by default since it would be exploitable by malware. (The kernel won’t refuse if you are root, but of course you don’t want to be root to debug.)
The most up to date method to allow gdb to control another process is to sign it with any system-trusted code signing authority. This is an easy process once you have a certificate (see the section below).
This error occurs because OSX implements a pid access policy which requires a digital signature for binaries to access other processes pids. To enable gdb access to other processes, we must first code sign the binary. This signature depends on a particular certificate, which the user must create and register with the system.
To create a code signing certificate, open the Keychain Access application. Choose menu Keychain Access -> Certificate Assistant -> Create a Certificate…
Choose a name for the certificate (e.g., gdb-cert), set Identity Type to Self Signed Root, set Certificate Type to Code Signing and select the Let me override defaults. Click several times on Continue until you get to the Specify a Location For The Certificate screen, then set Keychain to System.
Double click on the certificate, open Trust section, and set Code Signing to Always Trust. Exit Keychain Access application.
Restart the taskgated service, and sign the binary.
sudokillalltaskgated
s
u
d
o
k
i
l
l
a
l
l
t
a
s
k
g
a
t
e
d
codesign -fs gdb-cert “$(which gdb)”
source http://andresabino.com/2015/04/14/codesign-gdb-on-mac-os-x-yosemite-10-10-2/
On macOS 10.12 (Sierra) and later, you must also
Use gdb 7.12.1 or later Additionally prevent gdb from using a shell to start the program to be debugged. You can use the following command for this inside gdb:
set startup-with-shell off
You can also put this last command in a file called .gdbinit in your home directory, in which case it will be applied automatically every time you start gdb
echo “set startup-with-shell off” >> ~/.gdbinit
Read More:
- Command codesign failed with a nonzero exit code or revoke certificate for IOS / Xcode problems
- command/usr/bin/codesign failed with exit code 1- code sign error
- Extraskloatitles failed error = 22
- Was import certificate — error prompt: java.security.cert .CertPathValidatorException: Certificate chaining error
- K8s configure HTTPS with existing certificate
- Configure HTTPS and self signed certificate for nginx
- WSS connection server error
- Solution: unity package failed. Commandinvocationfailure: gradle build failed
- When linux installs rpm, it prompts: can’t create transaction lock on /var/lib/rpm/.rpm.lock error
- Example of public key signature and verification generated with fabric case
- cURL error 60: SSL certificate problem: self signed certificate in certificate chain
- openssl TXT_DB error number 2 failed to update database
- “ XX.app ”It is damaged and cannot be opened. You should move it to the wastebasket.
- SELinux solution to Apache SSL failure
- Apache failed to start due to SSL library certificate has expired
- Resolve the problem of “event ID 4107” or “event ID 11” errors recorded in the application logs of windows and windows server
- OpenLDAP main: TLS init def ctx failed: -1
- SAP ABAP HTTPS installation certificate to SAP application server
- mysql configuration supports SSL connection
- Kvm internal error: process exited :cannot set up guest memory ‘pc.ram‘:Cannot allocate memory