[Dwarf-Discuss] security implications of DWARF info

Michael Eager eager at eagercon.com
Wed Nov 24 09:26:19 PST 2010


travis+ml-dwarf at subspacefield.org wrote:
> Hey all,
> 
> Suppose you were a commercial software company and a big target for
> attackers.
> 
> Suppose also that you were wanting to release some amount of
> information so that third parties could classify crash dumps and
> figure out if something is a new issue or not, between different
> builds and versions.
> 
> What are the possible solutions?
> 
> 1) Give out full DWARF info.
>    I know that it gives symbol names &c, but is there other info that
>    would pose a security risk?  I'm guessing so.  Will read full spec
>    in good time, I suppose.
> 
> 2) Give out obfuscated symbol names.
>    How can you do this?  I'm mostly interested in munging human-readable
>    names into meaningless ones (e.g. function2501) in .dSYM files.
>    Can't find any tools for doing this easily.
> 
>    When doing this, how would I strip out all but what is necessary
>    for symbolicating crash dumps?
> 
> 3) Other options?

I think that the goals of security and analysis of
system crashes would be diametrically opposed.  DWARF
is used to debug programs, which essentially is the
ability to reverse engineer what the program is doing
(usually incorrectly).  If you don't want people to
analyze programs and find their flaws or security
gaps, I would recommend that you not make it easier
by providing DWARF (or any other debugging info).

(BTW, security through obscurity, by garbling
symbols, is not likely to be more than a minor
nuisance to someone who wants to reverse engineer
a program.  I've stepped through a lot of code in
a program without having source or symbols.)

If all you want to do is to tell if a failure has
been seen before, I think you probably can do this
without any DWARF debug info.  You would need to
characterize the failure and look for similarities.
Same failure mode, similar data patterns, similar
call stack entries, etc.

As an analogy, I can look at two photographs and
make a reasonable guess about whether the same
person is in each photo, despite differences,
without knowing who the person is, where the photos
were taken, or whether the dog is named Spot.

-- 
Michael Eager	 eager at eagercon.com
1960 Park Blvd., Palo Alto, CA 94306  650-325-8077




More information about the Dwarf-Discuss mailing list