hardening-wrapper and debug symbols
I found out the hard way that when a package is built with
hardening-wrapper, then debugging it with gdb results in seriously
suboptimal backtraces like this:
#0 0xb7d01424 in __kernel_vsyscall ()
#1 0xb7816d11 in ?? ()
#2 0xb7e973a2 in ?? ()
#3 0xb7e9784b in ?? ()
#4 0xb7f1c8fd in ?? ()
#5 0xb7eeae1b in ?? ()
#6 0xb7eebee7 in ?? ()
#7 0xb7e998d9 in ?? ()
#8 0xb774a7a5 in ?? ()
#9 0xb7d73011 in ?? ()
whether or not I have the -dbg package installed. If I rebuild the
package without hardening-wrapper, I get a normal backtrace (with more
or less information, depending on whether the -dbg package is
installed).
First of all, is this normal? Is there anything that can be done about
it? The http://wiki.debian.org/Hardening page doesn't appear to cover
it.
Since debug packages and hardening-wrapper are both spreading in an
ad-hoc way across packages, it appears that we'll end up with a rather
nonuniform collection of packages that sometimes can be debugged,
sometimes can be debugged a little bit, and sometimes cannot be debugged
at all.
Also, hardening-wrapper describes itself as "experimental" and "for
build testing". Is it appropriate for large-scale use in mainstream
packages intended for release?
Reply to: