Does Crystal keep sensitive information?

Question

Does Crystal keep sensitive information?

If a developer compiles Crystal, what metadata will store the binary, and how to remove sensitive information? By sensitive I mean device identifiers, local IP addresses, or something else.

+4

crystal-lang

Vlad Faust Sep 11 '17 at 17:00

source share

1 answer

Faustino Aguilar · Answer 1 · 2017-09-12T20:03:15+0000

I know that basic Crystal debugging information is stored when using:

crystal build myprogram.cr

Then you can use the flag --debugto store all debugging information (possible confidential information as an example source code):

crystal build --debug myprogram.cr

To avoid debugging information, use the flag --no-debug:

crystal build --no-debug myprogram.cr

And to optimize and confuse another binary flag --release:

crystal build --release --no-debug myprogram.cr

, . , .

objdump -s --section .comment myprogram.bin , :

.stdin:     file format elf64-x86-64

Contents of section .comment:
 0000 4743433a 2028474e 55292036 2e312e31  GCC: (GNU) 6.1.1
 0010 20323031 36303830 32004743 433a2028   20160802.GCC: (
 0020 474e5529 20362e33 2e312032 30313730  GNU) 6.3.1 20170
 0030 31303900 4743433a 2028474e 55292034  109.GCC: (GNU) 4
 0040 2e372e32 20323031 32313031 35202852  .7.2 20121015 (R
 0050 65642048 61742034 2e372e32 2d352900  ed Hat 4.7.2-5).

Does Crystal keep sensitive information?

More articles: