[Devil-Linux-discuss] Re: Binaries not strippped?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Heiko Zuerker wrote:

> We're actually stripping all the debug symbols from the binaries.
>  It may be, that we missed a few ones. Can you give us some more details?

Well, I'd say most are NOT stripped, e.g.:

$ file /bin/*|grep ', stripped'|wc -l
13
$ file /bin/*|grep ', not stripped'|wc -l
117
$ file /lib/*|grep ', stripped'|wc -l
5
$ file /lib/*|grep ', not stripped'|wc -l
106

etc. NB: this is from DL-1.2.5.

John van V. wrote:

> Can you please elaborate why stripped binaries are more secure ??

Well, I take it that any extraneous bits of data are in the best case 
harmless; and chances are (albeit low probably) they could be used to 
circumvent the security. Like function names etc. Granted, everything on 
the DL CD is available in the source form anayway, but it's an 
additional hassle for the cracker; why help him? See e.g. 
http://www.phrack.org/show.php?p=25&a=5, pay attention to "If you are 
familiar with programming with assemblers/dissemblers, ...".

Regards,

Evgeny