ELF .notes 部分真的需要吗？

发布于 2025-01-07 23:03:03 字数 284 浏览 0 评论 0原文

在 Linux 上，我尝试将静态链接的 ELF 文件剥离为最基本的内容。当我运行：

strip --strip-unneeded foo

或

strip --strip-all foo

生成的文件仍然有一个很胖的 .notes 部分，似乎充满了时髦的字符串。

.notes 部分是否真的需要，或者我可以使用 --remove-section 安全地将其强制删除吗？

感谢您的任何帮助。

原文

On Linux, I'm trying to strip a statically linked ELF file to the bare essentials. When I run:

strip --strip-unneeded foo

strip --strip-all foo

The resulting file still has a fat .notes section that appears to be full of funky strings.

Is the .notes section really needed or can I safely force it out with --remove-section?

Thanks for any help.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

紧拥背影 2025-01-14 23:03:03

根据经验和查看 strip 的手册页，看起来 strip 并不应该删除任何和所有部分，并且不需要的字符串；只是符号。引用手册页：

 GNU strip 丢弃目标文件 objfile 中的所有符号。

话虽这么说，根据经验，即使没有 --strip-all，strip 也会删除加载不需要的部分，例如 .symtab 和 < code>.strtab，正如您所注意到的，您可以使用 --remove-section 删除您想要的部分。

作为 .notes 部分的示例，我从 Ubuntu 11.10 64 位机器中获取了 /bin/ls：

$ readelf -Wn /bin/ls

Notes at offset 0x00000254 with length 0x00000020:
  Owner                 Data size   Description
  GNU                  0x00000010   NT_GNU_ABI_TAG (ABI version tag)
    OS: Linux, ABI: 2.6.15

Notes at offset 0x00000274 with length 0x00000024:
  Owner                 Data size   Description
  GNU                  0x00000014   NT_GNU_BUILD_ID (unique build ID bitstring)
    Build ID: 3e6f3159144281f709c3c5ffd41e376f53b47952

其中包含 .note.ABI 标签 部分和 .note.gnu.build-id 部分。看起来它们包含加载程序不需要的数据，但也不是标准的，并且 strip 不知道这些数据对于程序的正确运行来说不是必需的，因为ELF 可以有任意数量的附加“未知”部分，这些部分无法安全删除。因此，它不是使用虚拟白名单（这会严重失败），而是使用它知道可以删除的部分黑名单，并且这样做了。

简短版本：这些部分似乎不是标准的，可以用于各种用途，因此 strip 无法知道删除它们是否安全。但根据我上面获取的信息，如果它是您自己的程序，那么删除它几乎肯定是安全的。

From experience and from looking at the man page for strip, it looks like strip isn't supposed to get rid of any and all sections and strings that aren't needed; just symbols. Quoth the man page:

   GNU strip discards all symbols from object files objfile.

That being said, from experience, strip, even without --strip-all, removes sections unneeded for loading, such as .symtab and .strtab, and you can, as you note, remove sections you want it with --remove-section.

As an example of a .notes section, I took /bin/ls from my Ubuntu 11.10 64-bit box:

$ readelf -Wn /bin/ls

Notes at offset 0x00000254 with length 0x00000020:
  Owner                 Data size   Description
  GNU                  0x00000010   NT_GNU_ABI_TAG (ABI version tag)
    OS: Linux, ABI: 2.6.15

Notes at offset 0x00000274 with length 0x00000024:
  Owner                 Data size   Description
  GNU                  0x00000014   NT_GNU_BUILD_ID (unique build ID bitstring)
    Build ID: 3e6f3159144281f709c3c5ffd41e376f53b47952

That encompasses the .note.ABI-tag section and the .note.gnu.build-id section. It looks like they contain data that isn't necessary to load the program, but also isn't standard, and isn't known by strip to not be necessary for the proper running of the program, since an ELF can have any number of additional "unknown" sections that aren't safe to remove. So rather using a virtual whitelist (which would fail miserably), it uses a blacklist of sections that it knows it can get rid of, and does so.

Short version: these sections don't seem to be standard and could be used for various things, so strip can't know it's safe to remove them. But based on the info inside the one I took above, if it's your own program, it's almost certainly safe to remove it.

回复收藏 0 原文

~没有更多了~