i was playing around with go sync groups and i just tried what happens if i add more groups than i mark done . and i get the runtime error i posted below.
So the question here is if go is compiled into true machine code unlike java or c# how come my file even line info can be shown in runtime errors .If file info is kept in the binary i think it can be easily decompiled .
Am i doing something wrong do i need to add some kinda env variable for prod builds or its just like c# theres no true way to hide your code
how and why Golang binary shows file and line info on the error
1.3k views Asked by nikoss At
1
There are 1 answers
Related Questions in SECURITY
- HTTPS configuration in Spring Boot, server returning timeout
- HSM ZKA control mask values
- OWASP Amass Subcommands
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- When sanitize/encode while implementing tags system like on SO
- spring security version in spring-boot-starter-security
- I am currently trying to implement a rudimentary firewall from a video I watched but the nimda worm detection is not working and i do not know why?
- Is it possible for `sudo` to fail temporarily with the correct password? Hacking suspected
- Is it viable proxying all my mobile apps requests, to some kind knowing that a request is coming from a secure source
- What abilities should I concentrate on while bug hunting, and how can I improve the quality of my bug bounty reports?
- System.ArgumentOutOfRangeException: I passed this error in every single program
- How to prevent users from creating custom client apps?
- Does server-side content security policy exist for youtube video player API, app, mod apks and website?
- Can we pass a hostname/IP address as a query string in a GET request in REST API
Related Questions in GO
- Go Fiber and HTMX - HX-Trigger header is changed to Hx-Trigger, which is not what HTMX is listening for
- Golang == Error: OCI runtime create failed: unable to start container process: exec: "./bin": stat ./bin: no such file or directory: unknown
- Handling both JSON and form values in POST request body with unknown values in Golang
- invalid transaction: Transaction failed to sanitize accounts offsets correctly
- Golang lambda upload image into s3 static website
- Is there a way to get a list of selected module versions, but only for modules within the pruned graph?
- Save Interface in DB golang
- ERROR: column "country" is of type text[] but expression is of type record (SQLSTATE 42804)
- Trying to update the version.go file with the release tag from GitHub actions but its failing
- How can I optimize this transposition table for connect 4 AI?
- const declaration - How to evaluate expressions at compile time?
- How add array of authors for unique user in database in Goland IDE?
- Why is the main goroutine not blocked after write in unbuffered channel?
- Insert & Retrieve from a channel in same main function throws "goroutine 1 [chan receive]: main.main() /path exit status 2" error
- Gob error when decoding array of structs: decoding into local type but received remote type
Related Questions in PRODUCTION-ENVIRONMENT
- AWS AppRunner: Redirect URI Mismatch Error with Amazon Cognito
- MapboxGl SymbolLayer iconImage showing random image in production
- How to host a proper Python Flask server with HTTP, HTTPS and interactive debug shell, all in the same global namespace?
- How to fix URLEncoder related issues?
- Newtonsoft exception in Blazor .NET 6 only in Production environment
- Application error client side exception: Next js React app only on production
- SQL Database in production migration - Best approach
- Large initial chunk files (Empty Project with PWA and SSR) Angular 17
- How solve "Illuminate\Console\Command" not found?
- How to use Django - cPanel environment variable
- How solve 403 forbidden error in vix cluste server when trying to load livewire script?
- How to perform Drizzle Migrations in SQLite using Docker on production database on a VPS using Next.js?
- Recommendations for Blue Green Deployment Testing with Minimal Assertions in Cron-Based Batch Jobs for Higher environment
- Try to deploy an Angular 17 web app with proxy config, but it does not work in production
- How can I run Hashicorp Vault docker image with HTTPS on production
Related Questions in DECOMPILING
- Decompiling PyInstaller linux binary
- Type information system recovery
- Trouble reversing a .pyc file back to its source code
- Can anyone help me avoid being detected when using mock locations on an app, I have decompiled and pasted a code from it,s smali file
- IDA Free and _time64 decompilation?
- Uplifting asm to IL in a generic way
- Avoid exposing DB credentials when decompiling .exe
- Apktool Error Caused by: org.jf.util.ExceptionWithContext: Error while writing instruction at code offset 0x2
- i have installed pydumpck but get "'pydumpck' is not recognized as an internal or external command, operable program or batch file."
- Disassembling bytecode into opcodes across different EVM versions
- Garbled characters encountered when decompiling Lua
- Decompilation creating basic blocks
- Is there a way to see decompiled C# system libraries in VS Code?
- Decompiling ARM64 and understanding branch targets bounderies
- Decompile android APK with Apktool for analysis?
Related Questions in DEBUG-BUILD
- android SHA-256 certificate from debug apk file
- Does enabling coredump make my software debug build?
- Meson compiling subprojects in debug mode
- Where I can find Primefaces 3.4.1 bundle package (dev package)?
- After running a project in Qt Debug build, the binary (exe) disappears and object files are shrunk. How to fix that?
- Facing weird issue with debug and release builds of the same app
- debug build cannot access out.jar during build because it is being use by another process
- What should I do in CMakeLists.txt w.r.t. the build type?
- Why does debug build result in one more variable?
- My language translation are not working in debug build
- Assembler - why midpoint in calling functions?
- Function having release version inline on h file and debug version implemented on cpp
- Android debug build failing with "Stackoverflow Error" post gradle upgrade to 2.3.0
- What does CMAKE_BUILD_TYPE affect, other than the compiler flag selection?
- how can i make a label invisible at release build
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
So for fun, I wrote a trivial Go program that just panic()s and tried farting around with objdump and objcopy to see where this information is. On Linux (perhaps others), Go sticks the relevant info in the ELF section .gopclntab. If you remove it, the reference to the actual program source disappears, but the runtime crashes. And there are references to a ton more runtime.* things in that section (presumably for linkage and introspection). I'm thinking it's unlikely that you can realistically run a Go program with this information totally gone.
You can remove the DWARF info for some security as mentioned elsewhere on SO and a bunch of ELF sections vanish, but your best bet if you're really worried would probably be to preprocess your sources to obfuscate identifiers and filenames before compile. But there doesn't appear to be a ready-made tool to do so.
I'm not one of the Go designers, but I'm guessing going much farther is impractical due to things like introspection (something which e.g. C can't do). Compressors like upx will obfuscate the file at rest slightly (and seem to work OK with compiled Go--maybe a caveat or two in there), but it's trivial to undo if you know it's there (to the point that any security type would take away my developer's licence for my having even mentioned it).
The reality is that the best you can realistically do is speedbump people who are really interested in messing with your code. Obfuscating sources, if you're really that motivated to do it, would be your best bet (though ultimately still futile with sufficiently determined attackers).