[Dwarf-Discuss] security implications of DWARF info

travis+ml-dwarf at subspacefield.org travis+ml-dwarf at subspacefield.org
Tue Nov 23 21:38:16 PST 2010


On Tue, Nov 23, 2010 at 08:43:44PM -0500, James Oakley wrote:
> How would it pose a security risk? Or do you mean would it aid reverse  
> engineers, thereby posing a risk to your intellectual property?

It's a bit more subtle than that.

I'm assuming that there's more information that function addresses.

Type information, for example, or mappings to source code lines.

Such information could aid reverse engineers.  Arguably, this is not
_real_ security, in that proper guesses or effort could reveal this,
but I'm not in favor of lowering the bar, personally.

I'm personally not so much interested in IP as in the security of
customers who run this software.  Already there have been a number of
very sophisticated attacks.

> I don't think this is the correct list for this question, but why don't 
> you just hash all of your symbol names and replace the names in the 
> strtab (or equivalent, I'm not familiar with dSYM or with development on 
> Darwin/OS X in general) with their hashes.

Well, we had an engineer use a hex editor and attempt to replace the
ASCII names of functions with enumerated names, padded to the original
length, but this naive approach only caught about 10% of the function
names, according to him.  Also, the modified file was flagged as
corrupt by whatever app was trying to use it.

Also, I'm concerned there would be a lot more information available.
In general, security issues dictate that you only give out what is
necessary to accomplish your goals - the blacklisting approach tends
to be less safe in the long run than whitelisting.  We know what is
necessary to allow third parties to match stack traces across
versioned releases; anything else is unnecessary risk.

However, I'm not familiar with libraries for
writing/generating/modifying DWARF files.  I checked the FAQ today;
the entries are empty.
-- 
Good code works on most inputs; correct code works on all inputs.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.



More information about the Dwarf-Discuss mailing list