Date: Thu, 27 Nov 2008 07:32:23 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: "Paul B. Mahol" <onemda@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: large binary, why not strip ? Message-ID: <492E4D07.8030908@infracaninophile.co.uk> In-Reply-To: <3a142e750811260901j134e9ff9pa334fc50c52fadd2@mail.gmail.com> References: <b10011eb0811160042w158656bld3b91a2bf7cfdd3f@mail.gmail.com> <20081116125622.E24752@wojtek.tensor.gdynia.pl> <20081117172100.GB43367@hub.freebsd.org> <b10011eb0811171040y536d5e18y171ca9aed686f9bf@mail.gmail.com> <20081117210649.GE63818@hub.freebsd.org> <49226AFD.6060505@infracaninophile.co.uk> <492D7E03.3070500@infracaninophile.co.uk> <3a142e750811260901j134e9ff9pa334fc50c52fadd2@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Paul B. Mahol wrote:
> On 11/26/08, Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote:
>> Matthew Seaman wrote:
>>> Kris Kennaway wrote:
>>>
>>>> Bonus points if you come up with a patch to do this: in most cases it
>>>> will be a simple matter of changing the port's do-install: target to
>>>> use INSTALL_* macros instead of cp/bsdtar etc. This would be a good
>>>> project to get some familiarity with the ports tree.
>>> Would it be worthwhile to add a test and warning that all installed
>>> binaries
>>> have not been stripped to the 'security-check' target in bsd.port.mk?
>>> That's
>>> not really what that target was intended for (feeping creaturism alert!)
>>> but
>>> it's the obvious place to put such a test.
>>>
>>> Probably cleaner to create a whole new target, but that's going to
>>> duplicate
>>> some code.
>>>
>>> Hmmmm... I shall work up some patches, probably over the weekend, so
>>> there's
>>> something substantive to talk about.
>> Done: ports/129210
>>
>> For the record, I also discovered that, contrary to what I said earlier,
>> there is apparently one class of binary object that will not work correctly
>> if stripped: kernel loadable modules.
>
> Kernel loadable modules are already stripped (--strip-debug).
>
KLDs aren't stripped in a way that file(1) recognises:
happy-idiot-talk:/boot/kernel:% file if_em.ko
if_em.ko: ELF 32-bit LSB shared object, Intel 80386, version 1 (FreeBSD), dynamically linked, not stripped
Unfortunately file(1) seems to be about the only tool available to test
a priori whether a binary object is stripped or not. It's possible
that objdump(1) or readelf(1) could do a similar thing, but I can't
work it out from those man pages.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEAREIAAYFAkkuTQ0ACgkQ8Mjk52CukIxrEwCfaQjjWeZQ/qnGCp81H34gveXt
AeIAoJGs+X6HOsYSxypwxTXc8ptXa+ga
=NK0p
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?492E4D07.8030908>