hardening-wrapper and debug symbols

To: debian-devel@lists.debian.org
Subject: hardening-wrapper and debug symbols
From: Peter Eisentraut <petere@debian.org>
Date: Fri, 23 Oct 2009 15:27:02 +0300
Message-id: <[🔎] 1256300822.13273.39.camel@fsopti579.F-Secure.com>

I found out the hard way that when a package is built with
hardening-wrapper, then debugging it with gdb results in seriously
suboptimal backtraces like this:

#0  0xb7d01424 in __kernel_vsyscall ()
#1  0xb7816d11 in ?? ()
#2  0xb7e973a2 in ?? ()
#3  0xb7e9784b in ?? ()
#4  0xb7f1c8fd in ?? ()
#5  0xb7eeae1b in ?? ()
#6  0xb7eebee7 in ?? ()
#7  0xb7e998d9 in ?? ()
#8  0xb774a7a5 in ?? ()
#9  0xb7d73011 in ?? ()

whether or not I have the -dbg package installed.  If I rebuild the
package without hardening-wrapper, I get a normal backtrace (with more
or less information, depending on whether the -dbg package is
installed).

First of all, is this normal?  Is there anything that can be done about
it?  The http://wiki.debian.org/Hardening page doesn't appear to cover
it.

Since debug packages and hardening-wrapper are both spreading in an
ad-hoc way across packages, it appears that we'll end up with a rather
nonuniform collection of packages that sometimes can be debugged,
sometimes can be debugged a little bit, and sometimes cannot be debugged
at all.

Also, hardening-wrapper describes itself as "experimental" and "for
build testing".  Is it appropriate for large-scale use in mainstream
packages intended for release?

Reply to:

Follow-Ups:
- Re: hardening-wrapper and debug symbols
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: ITP: jclicmoodle -- JClic module for Moodle
Next by Date: Re: hardening-wrapper and debug symbols
Previous by thread: ITP: jclicmoodle -- JClic module for Moodle
Next by thread: Re: hardening-wrapper and debug symbols
Index(es):
- Date
- Thread