
Re: Unstripped binaries, stripped at installation time?



Scavenging the mail folder uncovered Karl M. Hegbloom's letter:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
>  Wouldn't it be better, to ease debugging, to ship unstripped `-ggdb'
>  compiled binaries, with a local option to strip them at install time?

oh, yea, give me 90% more bytes to download when i make an upgrade.
download sources and recompile with debugging on, if you need it
(it's a one-liner change in debian/rules usually.)

>  This could also afford some protection against malicious
>  patch-hacking, where an evil devel runs an outer-build setup that
>  performs a sneaky patch, build, unpatch, dpkg-deb, dpkg-source
>  routine, to ship a binary with backdoor codes that appears clean when
>  the source package is examined.  If the debugging symbols are in the
>  system.tar.gz inside the binary .deb, perhaps a way to check and make
>  sure that kind of hanky-panky is not occurring could be devised.

i think crypto and good security measures prevent trojan horses much
more than some strange symbol-checking (that can't be automatized.)

ciao,
federico

-- 
Federico Di Gregorio
MIXAD LIVE System Programmer                           fog@mixadlive.com
Debian GNU/Linux Developer & Italian Press Contact        fog@debian.org
                             Best friends are often failed lovers. -- Me


