Date: Wed, 5 Sep 2012 05:31:35 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: Dimitry Andric <dim@freebsd.org> Cc: Eitan Adler <lists@eitanadler.com>, freebsd-hackers@freebsd.org, freebsd-ports@freebsd.org, Jake Smith <jake@avenue22.net> Subject: Re: Building with WITH_DEBUG (-g) in make.conf Message-ID: <20120905023135.GB33100@deviant.kiev.zoral.com.ua> In-Reply-To: <504677AB.8040908@FreeBSD.org> References: <53c5133d8fac4f4353eda0add82e2234@viper-webmail.viper.enta.net> <CAF6rxgncRbkdKHniV5qRSxxt2OR35LomeyJObugRkBeAYMBV6A@mail.gmail.com> <504677AB.8040908@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--iKZcyocDyhoWQlc5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Sep 04, 2012 at 11:50:35PM +0200, Dimitry Andric wrote: > On 2012-09-04 17:53, Eitan Adler wrote: > >On 4 September 2012 05:26, Jake Smith <jake@avenue22.net> wrote: > ... > >>It got me thinking, is there any reason why it would be a bad idea to= =20 > >>build > >>all my ports with debug symbols from now on? > > > >>Are there any performance hits > > > >Yes. Code size grows and the flags may enable internal > >debugging in the program itself. >=20 > There's a difference between just using '-g', which should never change > the behaviour of the program at runtime, and adding -DDEBUG or similar > flags on the command line, which may or may not enable extra code, or > even cause totally different code paths. >=20 > What is not different, is that both -g and other debugging options will > generally cause compiling and linking to take longer, since these stages > will have to process the additional debug information. >=20 >=20 > >>or security risks with this? > > > >no. >=20 > You cannot know in general. If debug options enable a different code > path, you might as well get a security problem with it for free. :) >=20 > I have seen many debug printf's which could easily be exploited for > buffer overruns, etc. >=20 > However, only using '-g' should make no difference, indeed. To nitpick, this is not true if you have code that explicitely tries to use dwarf information from the resulting binary. Think e.g. libunwind which can be configured to use .debug sections. --iKZcyocDyhoWQlc5 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlBGuYYACgkQC3+MBN1Mb4jJEgCgioTPiVnbFIvxbwW0d/vCLEW9 M0QAmwWdixjyhUs/ulSNPo7OT7J+gHzi =Az3L -----END PGP SIGNATURE----- --iKZcyocDyhoWQlc5--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120905023135.GB33100>