How to debug an application requiring low ports to be opened with GDB on Ubuntu
I have an application that requires to open port 80.
In accordance to this, I gave the binary capabilities to open low ports.
Also I gave capabilities to gdb itself.
When I run the binary, port is opened successfully, but when I run it with GDB I have error with errno = 13.
IMPORTANT: Running application with sudo is exactly the thing that I want to avoid
I gave the binary capabilities to open low ports.
When the binary is being debugged (ptraced), the kernel ignores its capabilities. That is a reasonable security precaution, because a ptraced binary can be made to do anything.
Also I gave capabilities to gdb itself.
That doesn't change above picture.
Running application with sudo is exactly the thing that I want to avoid
You don't have to run the application with sudo, just the GDB.
Alternatively, have the application open port 8080, and set up port forwarding.
I would like to moot an alternative way of debugging your application using authbind.
This could help out in situations where the port number cannot / should not be changed in your application's code.
Using the information from this article I did the following (one time process):
- install
authbindif needed - sudo touch
/etc/authbind/byport/80 - sudo chmod 500
/etc/authbind/byport/80 - sudo chown userid.userid
/etc/authbind/byport/80
(where "userid" reads the launching user, most likely your own)
From there on launch your application using:authbind --deep /path/to/app
Upside: no need to change your port number in the code.
Downside: because your app needs to be started by authbind you may need to attach the debugger to the process, rather than debug straight from your favourite IDE.
There is no need to set the capabilities of your app (setcap) using this method.