Dominik Honnef

Are you looking for a Go programmer to implement your latest idea?
Send me an email!

Stripping Go ELF binaries is safe

A common misconception among Go developers is that stripping Go binaries – that is using the strip(1) Unix utility – is unsupported and leads to broken programs. This misconception is perpetuated on mailing lists and other forums without providing actual proof for why it is supposedly unsafe.

This article will try to explain how this misconception came to be and why it is not a real concern anymore.

History

The misconception hasn’t always been that. At various points in time, stripping Go binaries could in fact break them. These cases were always considered bugs and were fixed eventually.

Invalid ELF binaries

The majority of issues were caused by slightly incorrect ELF binaries.

Issue 261 – created in 2009 and fixed in 2010 by CL 994044 – and issue 1242 – created in 2010 and fixed in 2011 by CLs 4639077 and 4808043 – are the two prominent issues that existed with stripped binaries. In both cases, the ELF binaries didn’t have the required layout or headers to make strip work correctly.

ld -s

Go’s linker has itself a flag to omit writing the symbol table and debug information. This flag had bugs causing crashes as well. These bugs were more recent, occurring in 2013 and 2015. However, the flag and strip are not related and strip continued functioning correctly during that time. Nevertheless, these new bugs reinforced the idea that strip was still broken. Furthermore, these bugs have been fixed as well. They were tracked by the issues 6245 and 10254, fixed by CLs 13751045, 10835 and 11695.

Current situation

In early 2016, the question of stripping Go binaries was brought up on the golang-dev mailing list. Here, Keith Randall and Matthew Dempsky confirm that stripping ELF binaries should already be safe, and if it wasn’t that it’d be considered a bug. Russ Cox further confirms that it is working and “has worked for the past five years or so”.

In an experiment at CL 20584, Michael Hudson-Doile proves that stripping Go binaries does not cause any tests to fail, with the exception of an odd crash on Darwin, which does not affect ELF binaries.

Conclusion

To conclude: stripping Go binaries, at least on systems that use ELF binaries, is safe and has been safe since 2011. Similarly, using the Go linker’s -s flag has been safe for many years, various short-lived bugs aside.

This article did not explicitly investigate the stripping of PE and Mach-O binaries. However, there are no known issues with stripping PE binaries, and stripping Mach-O binaries only caused an issue in the experiment in CL 20584. No issues in real-world use cases are known.

Addendum: Another misconception about stripping Go binaries

In addition to the misconception that stripping Go binaries breaks them, there have been several related misconceptions. The biggest one is that strip would make panic stacktraces useless by stripping function names, file names and line numbers. This is not the case. While strip will remove various useful debug information, it will not affect how panics are rendered. This also implies that strip is not sufficient to guarantee that all identifying information are removed from an executable.