I found out the hard way that when a package is built with hardening-wrapper, then debugging it with gdb results in seriously suboptimal backtraces like this:
#0 0xb7d01424 in __kernel_vsyscall () #1 0xb7816d11 in ?? () #2 0xb7e973a2 in ?? () #3 0xb7e9784b in ?? () #4 0xb7f1c8fd in ?? () #5 0xb7eeae1b in ?? () #6 0xb7eebee7 in ?? () #7 0xb7e998d9 in ?? () #8 0xb774a7a5 in ?? () #9 0xb7d73011 in ?? () whether or not I have the -dbg package installed. If I rebuild the package without hardening-wrapper, I get a normal backtrace (with more or less information, depending on whether the -dbg package is installed). First of all, is this normal? Is there anything that can be done about it? The http://wiki.debian.org/Hardening page doesn't appear to cover it. Since debug packages and hardening-wrapper are both spreading in an ad-hoc way across packages, it appears that we'll end up with a rather nonuniform collection of packages that sometimes can be debugged, sometimes can be debugged a little bit, and sometimes cannot be debugged at all. Also, hardening-wrapper describes itself as "experimental" and "for build testing". Is it appropriate for large-scale use in mainstream packages intended for release? -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
