Best IT Recipes

What is the risk of deploying debugging symbols (pdb file) in a production environment?

I have an application that logs strack exception traces, and I wanted these stack traces to include file names and line numbers when deployed during production. I figured out how to deploy assembly debugging symbols, but as I explored the problem, I came across this question , which implies that it is not a good idea to include pdb files in a production environment. Commentary on the accepted answer reads: "... debugging information can transmit sensitive data and be an attack vector. Depending on your application."

So, what sensitive data can be exposed? How to use debug symbols to compromise an application? I'm curious to find out the technical details, but what I'm really looking for is a practical way to assess the risk of including debugging symbols for any particular application and production environment. Or to put it another way: what worse could happen?

EDIT: follow-up question / clarification

Therefore, based on all the answers, it seems that this question may be slightly simplified for .NET applications. This bit from John Robbins' blog linked to Michael Maddox replies , which popped up on me:

.NET PDB contains only two pieces of information, the names of the source files and their lines, and the local variable names. All other information is already in the .NET metadata, so there is no need to duplicate the same information in the PDB file.

For me, this repeats what others have said about the reflector, implying that access to assemblies is the real problem. Once this is determined, the only decision made regarding PDBs is to take care of exposing the file names, line numbers, and local variable names (assuming you don't show the stack trace to end users first). Or am I simplifying this too much?

+67
security production debug-symbols
Aug 20 '09 at 16:46
source share
4 answers

Here is another question:

Are there any security issues coming from debug debug files on live servers?

And more information about PDB files:

PDB Files: What Every Developer Should Know

In general, I always include pdb files in my deployments, and they are too large to ignore.

If you never expose the stack trace to your users (and usually shouldn't), there really is no additional risk to the security of deploying PDB files.

When the user sees a visible stack trace, the user can see the full stack trace, including the file name and file line numbers. This may give them some insight into how your application is archived, which could potentially help them hack.

A big security risk is something like Reflector , which when used in your DLLs will allow them to view the source code with or without pdb files.

+49
Aug 20 '09 at 17:00
source share

If you are deploying a development environment in your own organization, this is not a security issue.

If you sell your software to other sites, the .pdb file may give someone who is interested in reverse engineering a leg - this may or may not be a problem for you.

However (to be clear), you do not want your stack traces to be displayed to the client - regardless of whether .pdbs are available. But if you just log traces and present a “beautiful” error page to the client, this is not a problem.

+12
Aug 20 '09 at 16:56
source share

Having debugging symbols, an attacker can determine the global variables that interest you, function offsets, etc.

Thus, he could see that your system has a function such as:

AddAdminUser(string name, string password);

And know his displacement. If your program is compromised, it can call this function to give itself administrator privileges.

Or something like:

 typedef enum {Basic, NTLM} AuthenticationMode; AuthenticationMode g_authenticationMode;

And he knows which bit to flip to put your application in unsafe mode.

Alternatively, this will require very little time for engineering analysis. However, this is not an irresistible amount of time.

But., This all means that your attacker is already in a state where he can endanger your program. If this happens, you have already lost.

If you have a good reason to deploy pdb characters, continue. Deploying a PDB will not make you insecure. Unless you have a good reason to deploy, you should not do this, as attacks will be a little easier.

You can also create publicly accessible PDB files — they share specific pieces of information, but give you enough characters to create a stack trace and do basic debugging. Details here . Microsoft is deploying a public PDB on its symbol server for use by all users.

EDIT: Most of what I said relates to issues around deploying PDB for native code. I think that many of these problems also migrate to .NET, even though assembly metadata is already transmitting quite a bit.

+10
Aug 20 '09 at 16:59
source share

Someone may “restore” the full source code of your application. If this is Open Source, you need not worry. If he has an IP (algorithms, protection, licenses), this is probably not a good idea.

It's true that tools like Reflector can recover parts of your code even without PDB files, but obfuscation can help (well, a little).

+2
Aug 20 '09 at 16:52
source share


More articles:


All Articles