D-Linker: Debloating Shared Libraries by Relinking From Object Files

Abstract

Shared libraries are widely used in software development to execute third-party functions. However, the size and complexity of shared libraries tend to increase with the need to support more features, resulting in bloated shared libraries. This leads to resource waste and security issues as a significant amount of generic functionality is included unnecessarily in most scenarios, especially in embedded systems. To address this issue, previous works attempt to debloat shared libraries through binary rewriting or recompilation. However, these works face a tradeoff between flexibility in usage (needs recompilation and runtime support) and the effectiveness of debloating (binary rewriting achieves insufficient file size reduction). We propose D-Linker, a tool that debloats shared libraries by reducing both code and data sections in link-time at the object level without recompilation. Our key insight is that object-level shared library debloating is especially suitable for embedded systems because it strikes a balance of flexibility and efficiency. D-Linker identifies the required ELF object files of the shared libraries in an application and relinks them to produce a debloated shared library with better-debloating effectiveness by avoiding the data reference analysis. Our approach achieves over 70% of gadgets reduction as a security benefit and an average size reduction of 49.6% for a stripped libc of coreutils. The results also indicate that D-Linker improves debloating effectiveness by approximately 30% compared to binary-level shared library debloating and incurs a 5% decrease in code gadgets reduction compared to source-code-level shared library debloating.