Terminal – How to Fix macOS Sierra GDB Not Codesigned

code-signinghomebrewmacosterminal

First I should note that I'm using macOS Sierra (version 10.12 beta 16A238m), but I don't think it's that different than El Capitan in this certain situation (but I guess you know more than I do about that, or I wouldn't be here right now asking this question).

So I installed GDB (The GNU Debugger) for following among a book I am currently reading ("Hacking: The Art of Exploitation"), which only explains how to use GDB, so I can't use LLDB. I installed it using Homebrew (brew install gdb), and everything worked fine. Until I used it.
I compiled my C source code using clang -g hello_word.c -o hello_world (it's just a simple C "Hello, World!" program), and then I run gdb -q hello_world, and here's the session:

Chens-MacBook-Pro:C chenjian$ gdb -q hello_world
Reading symbols from hello_world...Reading symbols from /Users/chenjian/Documents/Coding/Projects/RandomDev/C/hello_world.dSYM/Contents/Resources/DWARF/hello_world...done.
done.
(gdb) list
1   #include <stdio.h>
2   
3   int main() {
4       printf("Hello, World!\n");
5   }
(gdb) break main
Breakpoint 1 at 0x100000f6f: file hello_world.c, line 4.
(gdb) run
Starting program: /Users/chenjian/Documents/Coding/Projects/RandomDev/C/hello_world 
Unable to find Mach task port for process-id 42492: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))

So I googled a bit about codesigning, and found this. So I went through the instructions (except for the ones for Snow Leopard), and it still doesn't work! Anyone knows how I can make it work?

Best Answer

Yes, code signing should work is a substantially better alternative to disabling SIP. I can't really believe how often disabling SIP is suggested as a solution to this problem - if you get desperate I'd sooner advise running sudo gdb (have backups!) than disabling SIP.

For me, the problem was that I repeatedly messed up one or more steps in the procedure. I ended up doing brew reinstall gdb, deleting all the certificates I had created, rebooting and then very carefully following the procedure again. Note that when you install gdb with Homebrew, the following is shown:

==> Caveats
gdb requires special privileges to access Mach ports.
You will need to codesign the binary. For instructions, see:

  https://sourceware.org/gdb/wiki/BuildingOnDarwin

On 10.12 (Sierra) or later with SIP, you need to run this:

  echo "set startup-with-shell off" >> ~/.gdbinit

Those instructions were what worked for me on Sierra. Disabling startup-with-shell so far has not been necessary, but it's worth keeping in mind if you're sure that you did it all correctly and the troubleshooting section of the link is of no use.

Related Question