[Dwarf-Discuss] security implications of DWARF info

travis+ml-dwarf@subspacefield.org travis+ml-dwarf
Wed Nov 24 19:36:55 GMT 2010

On Wed, Nov 24, 2010 at 05:15:58PM +0000, Robinson, Paul T (JCTL-NonStop) wrote:
> The point of DWARF is to provide information that will help you
> understand the execution of the code.  Whether you are the one
> developing the code or reverse-engineering the code, the information
> is the same.

Clearly stated.  I hadn't thought about it that way, thanks. :-)

> I am not familiar with dSYM files either

I learned most of what I know from:


> in ELF object files,
> even if you strip out all the DWARF there will still be the ELF
> symbol table.  If you are looking at a DLL the ELF symbol table
> cannot avoid listing the names of all exported entrypoints; and
> typically it would have all entrypoints and static/global data names.
> That symbol table is sufficient for presenting a symbolic traceback
> of the call chain at the point of an abend, and if that's all you
> need, then stripping the DWARF completely sounds like what you want.

Sort of.  This third party is upset with us for not giving them
symbols, and it has to be in a dSYM format due to elaborate crash
analysis code - the details aren't important.  We're already doing
something reasonable with standard ELF symbols.

Technically, we could symbolicate naked crash dumps, and avoid
shipping any information whatsoever, but it turns out my VP has told
them we'd do this for them.

> Whether you can obfuscate the object-file's symbol table is a
> separate question for some other mailing list.

libbfd/binutils, specifically :-)

I guess I need to look at whether I can generate a minimal dSYM,
and I only have a few days in which to do it.  Wish me luck :-)

PS: Thanks for the libdwarf links, that looks useful.
Good code works on most inputs; correct code works on all inputs.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.dwarfstd.org/private.cgi/dwarf-discuss-dwarfstd.org/attachments/20101124/7c79dc6c/attachment.pgp>

More information about the Dwarf-discuss mailing list