After MacOS X 10.8, the GDB debugging tool installed will prompt error when used:
Unable to find Mach task port for process-id 28885: (os/kern) failure (0x5).
(please check gdb is codesigned - see taskgated(8))
This is because the Darwin kernel will refuse to allow gdb to debug another process if you don’t have special rights, since debugging a process means having full control over that process, and that isn’t allowed by default since it would be exploitable by malware. (The kernel won’t refuse if you are root, but of course you don’t want to be root to debug.)
The most up to date method to allow gdb to control another process is to sign it with any system-trusted code signing authority. This is an easy process once you have a certificate (see the section below).
This error occurs because OSX implements a pid access policy which requires a digital signature for binaries to access other processes pids. To enable gdb access to other processes, we must first code sign the binary. This signature depends on a particular certificate, which the user must create and register with the system.
To create a code signing certificate, open the Keychain Access application. Choose menu Keychain Access -> Certificate Assistant -> Create a Certificate…
Choose a name for the certificate (e.g., gdb-cert), set Identity Type to Self Signed Root, set Certificate Type to Code Signing and select the Let me override defaults. Click several times on Continue until you get to the Specify a Location For The Certificate screen, then set Keychain to System.
Double click on the certificate, open Trust section, and set Code Signing to Always Trust. Exit Keychain Access application.
Restart the taskgated service, and sign the binary.
sudokillalltaskgated
s
u
d
o
k
i
l
l
a
l
l
t
a
s
k
g
a
t
e
d
codesign -fs gdb-cert “$(which gdb)”
source http://andresabino.com/2015/04/14/codesign-gdb-on-mac-os-x-yosemite-10-10-2/
On macOS 10.12 (Sierra) and later, you must also
Use gdb 7.12.1 or later Additionally prevent gdb from using a shell to start the program to be debugged. You can use the following command for this inside gdb:
set startup-with-shell off
You can also put this last command in a file called .gdbinit in your home directory, in which case it will be applied automatically every time you start gdb
echo “set startup-with-shell off” >> ~/.gdbinit
Read More:
- Command codesign failed with a nonzero exit code or revoke certificate for IOS / Xcode problems
- command/usr/bin/codesign failed with exit code 1- code sign error
- Extraskloatitles failed error = 22
- Was import certificate — error prompt: java.security.cert .CertPathValidatorException: Certificate chaining error
- K8s configure HTTPS with existing certificate
- WSS connection server error
- When linux installs rpm, it prompts: can’t create transaction lock on /var/lib/rpm/.rpm.lock error
- Solution: unity package failed. Commandinvocationfailure: gradle build failed
- Example of public key signature and verification generated with fabric case
- Apache failed to start due to SSL library certificate has expired
- openssl TXT_DB error number 2 failed to update database
- SELinux solution to Apache SSL failure
- “ XX.app ”It is damaged and cannot be opened. You should move it to the wastebasket.
- Resolve the problem of “event ID 4107” or “event ID 11” errors recorded in the application logs of windows and windows server
- OpenLDAP main: TLS init def ctx failed: -1
- SAP ABAP HTTPS installation certificate to SAP application server
- mysql configuration supports SSL connection
- Certificate chaining error in sphere
- Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: … has no certificates at entry AndroidManifest.xml]
- Completely solve install_ FAILED_ UPDATE_ Incompatible installation error, the installation package is not consistent with the previous installation package signature on the device