My ultimate goal in this endeavor is to be able to debug a program with a custom setarch personality that disables certain kernel security features for this process only. This solution should be deployed in a docker-based challenge environment. Namely, I want my program to be started with a call akin to:
setarch "$(uname -m)" --addr-no-randomize --read-implies-exec <my program and args>
Realizing this in GDB is not straightforward, however. Calling GDB itself with the setarch personality does not seem to affect the launch of the inferior program, as I still receive SIGSEGV errors when trying to run code on the data segment:
setarch "$(uname -m)" --addr-no-randomize --read-implies-exec gdb <my program> -ex "set args <my args>" ...
Therefore, it seems to me I'm stuck with putting the setarch call as the program launch argument, like so:
gdb setarch -ex "set args x86_64 --addr-no-randomize --read-implies-exec <my program and args>" ...
In this case, I can confirm that my exploit, which executes code on the data segment, works as intended. However, this option does not serve well for debugging, as of course, no source and debugging symbols for setarch are available (where self-compiling this program is not an option) and there is also no easy way to debug my inferior program, for which source code and debug symbols are available. Simply setting breakpoints on the functions of the program, of course, fails with GDB never hitting them.
Assuming GDB has no special support for controlling process personalities, it seems this question can be more generally asked as well: Is it possible to debug a known program with source code and debug symbols, which however has to be launched through a separate launcher (setarch) that we can't control?
> Is it possible
At least two ways to do that:
setarch
and make it wait for debugger to attach,
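The following is an added example, not code from the question or the answer above, showing the "start under setarch, then wait for the debugger to attach" approach in practice. It assumes Linux (it reads /proc/self/status and calls personality(2)); the function names are my own choice, not a GDB or setarch API. Embedded in the program under test, it first reports whether the ADDR_NO_RANDOMIZE and READ_IMPLIES_EXEC personality bits are actually in effect (so you can verify the setarch launch did what you expected), then blocks until a tracer such as `gdb -p <pid>` appears.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/personality.h>

/* Parse the "TracerPid:" line out of /proc/<pid>/status text.
   Returns the tracer pid (0 when nobody is tracing) or -1 if the
   line is absent. Pure function so it can be tested on constructed input. */
long tracer_pid_from_status(const char *status_text)
{
    const char *key = "TracerPid:";
    size_t klen = strlen(key);
    const char *p = status_text;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0)
            return strtol(p + klen, NULL, 10);  /* strtol skips the tab */
        p = strchr(p, '\n');
        if (p) p++;                             /* next line */
    }
    return -1;
}

/* Read this process's own /proc/self/status and return its TracerPid. */
long current_tracer_pid(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf);
}

/* Non-zero if every bit in `wanted` is set in the current persona.
   personality(0xffffffff) queries the persona without changing it. */
int persona_has_flags(unsigned long wanted)
{
    int cur = personality(0xffffffff);
    if (cur == -1) return 0;
    return ((unsigned long)cur & wanted) == wanted;
}

/* Block until a tracer attaches, polling /proc/self/status ten times a
   second. Returns the tracer pid, or -1 if the timeout elapses. */
long wait_for_debugger(unsigned timeout_seconds)
{
    for (unsigned i = 0; i < timeout_seconds * 10; i++) {
        long t = current_tracer_pid();
        if (t > 0) return t;
        usleep(100 * 1000);
    }
    return -1;
}

int main(void)
{
    /* Run as: setarch "$(uname -m)" -R -X ./this_program, then in another
       terminal: gdb -p <pid> (assumed usage, pid printed below). */
    printf("pid %ld, ADDR_NO_RANDOMIZE=%d READ_IMPLIES_EXEC=%d\n",
           (long)getpid(),
           persona_has_flags(ADDR_NO_RANDOMIZE),
           persona_has_flags(READ_IMPLIES_EXEC));
    fputs("waiting for debugger to attach...\n", stderr);
    long t = wait_for_debugger(60);
    if (t < 0) {
        fputs("no debugger attached within timeout\n", stderr);
        return 1;
    }
    printf("attached by pid %ld, continuing\n", t);
    return 0;
}
```

Because the process is already running with the personality setarch gave it, attaching afterwards keeps those flags, and GDB loads the program's own symbols rather than setarch's, so breakpoints on the program's functions work as usual. Note that GDB's attach does not re-randomize anything; it simply traces the existing address space.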