Skip to content

Instantly share code, notes, and snippets.

@jdiego

jdiego/codesign_gdb.md

Forked from hlissner/codesign_gdb.md
Last active August 2, 2024 09:05
Show Gist options
  • Save jdiego/7096d3ff7880fa19bebde68a36394d75 to your computer and use it in GitHub Desktop.
Save jdiego/7096d3ff7880fa19bebde68a36394d75 to your computer and use it in GitHub Desktop.
Download ZIP
Codesign gdb on OSX
Raw
codesign_gdb.md

If you are getting this in gdb on OSX while trying to run a program:

Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))
  1. Open Keychain Access
  2. In menu, open Keychain Access > Certificate Assistant > Create a certificate
  3. Give it a name (e.g. cert-gdb)
  • Identity type: Self Signed Root
  • Certificate type: Code Signing
  • Check: let me override defaults
  1. Continue until "specify a location for..."
  2. Keychain = System
  3. Close. Find certificate in System keychains.
  4. Specify a Location, make sure you choose the Keychain option of System
  5. Get Info
  6. Expand Trust, set Code signing to always trust
  7. With a certificate created, restart the machine. Yes there are other ways to do this, but trust me its just easier to restart and be sure everything is working.

Right with a certificate we need to apply it to the binary, first of create an entitlements file, this is an XML file that shows associated permissions you want to grant the binary.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.cs.disable-executable-page-protection</key>
    <true/>
    <key>com.apple.security.cs.debugger</key>
    <true/>
    <key>com.apple.security.get-task-allow</key>
    <true/>
</dict>
</plist>

With the file saved (in my case as gdb.xml) then the final setup is:

codesign --entitlements gdb.xml -fs gdb-cert /usr/local/bin/gdb

Few Gotchas

Ok assuming you found this after some Googling, you might reach the end of the above steps and run gdb think everything is going fine and it hangs with a message something like:

(gdb) run
Starting program: /Users/tnash/AppProjects/password/target/debug/password
Note: this version of macOS has System Integrity Protection.
Because `startup-with-shell' is enabled, gdb has worked around this by
caching a copy of your shell.  The shell used by "run" is now:
    /Users/tnash/Library/Caches/gdb/bin/zsh
[New Thread 0xc03 of process 27325]
[New Thread 0xe03 of process 27325]

If this is you, then: echo "set startup-with-shell off" >> ~/.gdbinit

Finally, Done!

@DhavalDalal
Copy link

Thanks that helped me!

@gvrancken
Copy link

Thanks! Small note, in step 3 you called it cert-gdb and in the actual codesign command you use -fs gdb-cert.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment