Re: New service: https://debuginfod.debian.net

To: Ian Campbell <ijc@debian.org>
Cc: "Frank Ch. Eigler" <fche@redhat.com>, debian-devel <debian-devel@lists.debian.org>
Subject: Re: New service: https://debuginfod.debian.net
From: Sergio Durigan Junior <sergiodj@debian.org>
Date: Thu, 25 Feb 2021 15:55:17 -0500
Message-id: <[🔎] 87ft1jg956.fsf@paluero>
In-reply-to: <[🔎] 9e0482b65b1574bc0e093f3c21e347818590876c.camel@debian.org> (Ian Campbell's message of "Thu, 25 Feb 2021 20:03:01 +0000")
References: <87r1l6jf4l.fsf@paluero> <[🔎] 157bf59b931f427647aeecfa281502ae55791b5e.camel@debian.org> <[🔎] 8886dcb8202a231f6ff0f442df039ca89e538a50.camel@debian.org> <87lfbd9pvk.fsf@redhat.com> <[🔎] 9e0482b65b1574bc0e093f3c21e347818590876c.camel@debian.org>

On Thursday, February 25 2021, Ian Campbell wrote:

>> What about information leakage? apart from debugids does this leak
>> anything else to the server? On a quick look it seems like it might
>> potentially leak source code paths (at least the leaf bits) to things
>> being debugged -- does this mean that if a user is debugging private
>> software (perhaps unpublished or perhaps proprietary software for
>> $work) on a Debian system they are at risk of leaking the source
>> filenames if they run gdb on one of their binaries while debugging?
>> This might be a problem if it comes to enabling this transparently.
>
> Yes, it might.  On the other hand, this is mitigated by a few aspects.
> Mainly, debuginfod clients like gdb only call out to the system in case
> they have failed to look up the needed data another way.  So if you're
> debugging local software built normally, the buildids / source names
> won't leak because the debugger will find them locally, and debuginfod
> servers are not consulted.
>
> Users who debug secret software but still wish to use internal
> debuginfod distribution for it, can do so by setting up a personal
> debuginfod instance whereever the secret stuff is held, and configure
> that server to federate upstream to the public server.  That way, the
> public server will only see traffic that the local one couldn't satisfy.
>
> Do these considerations overcome the concerns, so as to provide a
> comfortable out-of-the-box experience for most users?

Thanks for the reply, Frank.

As I said in the announcement message, I have proposed a Merge Request
against elfutils in order to enable the automatic usage of our
debuginfod server.  I know that there are people who are not comfortable
with having a debugger consult a remote server "behind their backs", so
a possible mitigation to this issue would be to have a debconf question
asking whether the user wants to enable system-wide debuginfod usage or
not.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
https://sergiodj.net/

Reply to:

Follow-Ups:
- Re: New service: https://debuginfod.debian.net
  - From: Ian Campbell <ijc@debian.org>
- Re: New service: https://debuginfod.debian.net
  - From: Kurt Roeckx <kurt@roeckx.be>

References:
- Re: New service: https://debuginfod.debian.net
  - From: Ian Campbell <ijc@debian.org>
- Re: New service: https://debuginfod.debian.net
  - From: Ian Campbell <ijc@debian.org>
- Re: New service: https://debuginfod.debian.net
  - From: Ian Campbell <ijc@debian.org>

Prev by Date: New IRC Server
Next by Date: Re: Contributing without your real name
Previous by thread: Re: New service: https://debuginfod.debian.net
Next by thread: Re: New service: https://debuginfod.debian.net
Index(es):
- Date
- Thread