Send me an email!
Stripping Go ELF binaries is safe
A common misconception among Go developers is that stripping Go
binaries – that is using the strip(1)
Unix utility – is unsupported
and leads to broken programs. This misconception is perpetuated on
mailing lists and other forums without providing actual proof for why
it is supposedly unsafe.
This article will try to explain how this misconception came to be and why it is not a real concern anymore.
History
The misconception hasn’t always been that. At various points in time, stripping Go binaries could in fact break them. These cases were always considered bugs and were fixed eventually.
Invalid ELF binaries
The majority of issues were caused by slightly incorrect ELF binaries.
Issue 261 – created in 2009 and fixed in 2010 by CL 994044 – and issue 1242 – created in 2010 and fixed in 2011 by CLs 4639077 and 4808043 – are the two prominent issues that existed with stripped binaries. In both cases, the ELF binaries didn’t have the required layout or headers to make strip work correctly.
ld -s
Go’s linker has itself a flag to omit writing the symbol table and
debug information. This flag had bugs causing crashes as well. These
bugs were more recent, occurring in 2013 and 2015. However, the
flag and strip
are not related and strip
continued functioning
correctly during that time. Nevertheless, these new bugs reinforced
the idea that strip
was still broken. Furthermore, these bugs have
been fixed as well. They were tracked by the issues
6245 and
10254, fixed by CLs
13751045,
10835 and
11695.
Current situation
In early 2016, the question of stripping Go binaries was brought up on the golang-dev mailing list. Here, Keith Randall and Matthew Dempsky confirm that stripping ELF binaries should already be safe, and if it wasn’t that it’d be considered a bug. Russ Cox further confirms that it is working and “has worked for the past five years or so”.
In an experiment at CL 20584, Michael Hudson-Doile proves that stripping Go binaries does not cause any tests to fail, with the exception of an odd crash on Darwin, which does not affect ELF binaries.
Conclusion
To conclude: stripping Go binaries, at least on systems that use ELF
binaries, is safe and has been safe since 2011. Similarly, using the
Go linker’s -s
flag has been safe for many years, various
short-lived bugs aside.
This article did not explicitly investigate the stripping of PE and Mach-O binaries. However, there are no known issues with stripping PE binaries, and stripping Mach-O binaries only caused an issue in the experiment in CL 20584. No issues in real-world use cases are known.
Addendum: Another misconception about stripping Go binaries
In addition to the misconception that stripping Go binaries breaks
them, there have been several related misconceptions. The biggest one
is that strip
would make panic stacktraces useless by stripping
function names, file names and line numbers. This is not the case.
While strip
will remove various useful debug information, it will
not affect how panics are rendered. This also implies that strip
is
not sufficient to guarantee that all identifying information are
removed from an executable.