A common misconception among Go developers is that stripping Go binaries – that is using the
strip(1) Unix utility –
is unsupported and leads to broken programs. This misconception is perpetuated on mailing lists and other forums without
providing actual proof for why it is supposedly unsafe.
This article will try to explain how this misconception came to be and why it is not a real concern anymore.
The misconception hasn’t always been that. At various points in time, stripping Go binaries could in fact break them. These cases were always considered bugs and were fixed eventually.
Invalid ELF binaries ¶
The majority of issues were caused by slightly incorrect ELF binaries.
Issue 261 – created in 2009 and fixed in 2010 by CL 994044 – and issue 1242 – created in 2010 and fixed in 2011 by CLs 4639077 and 4808043 – are the two prominent issues that existed with stripped binaries. In both cases, the ELF binaries didn’t have the required layout or headers to make strip work correctly.
ld -s ¶
Go’s linker has itself a flag to omit writing the symbol table and debug information. This flag had bugs causing crashes
as well. These bugs were more recent, occurring in 2013 and 2015. However, the flag and
strip are not related and
strip continued functioning correctly during that time. Nevertheless, these new bugs reinforced the idea that
was still broken. Furthermore, these bugs have been fixed as well. They were tracked by the issues 6245 and 10254, fixed
by CLs 13751045, 10835 and 11695.
Current situation ¶
In early 2016, the question of stripping Go binaries was brought up on the golang-dev mailing list. Here, Keith Randall and Matthew Dempsky confirm that stripping ELF binaries should already be safe, and if it wasn’t that it’d be considered a bug. Russ Cox further confirms that it is working and “has worked for the past five years or so”.
In an experiment at CL 20584, Michael Hudson-Doile proves that stripping Go binaries does not cause any tests to fail, with the exception of an odd crash on Darwin, which does not affect ELF binaries.
To conclude: stripping Go binaries, at least on systems that use ELF binaries, is safe and has been safe since 2011.
Similarly, using the Go linker’s
-s flag has been safe for many years, various short-lived bugs aside.
This article did not explicitly investigate the stripping of PE and Mach-O binaries. However, there are no known issues with stripping PE binaries, and stripping Mach-O binaries only caused an issue in the experiment in CL 20584. No issues in real-world use cases are known.
Addendum: Another misconception about stripping Go binaries ¶
In addition to the misconception that stripping Go binaries breaks them, there have been several related misconceptions.
The biggest one is that
strip would make panic stacktraces useless by stripping function names, file names and line
numbers. This is not the case. While
strip will remove various useful debug information, it will not affect how panics
are rendered. This also implies that
strip is not sufficient to guarantee that all identifying information are removed
from an executable.