
Why is "hooking" allowed at all in non-debug code? The legit applications all involve tracing or profiling.



What does "non-debug" code mean in this context? Most distros compile everything with -g and then separate out the debug symbols into a different package, because you almost always want to be able to attach gdb to any process when something goes wrong (and no, recompiling at that point is a much worse idea, because it means installing compilers on your production system as well as not being able to debug what was actually running).

It doesn't matter anyway, because once you're running inside a process you can do most anything you like. This was a convenient mechanism, but there are scores of ways to scan over the symbols and modify code inside the same process.


"You almost always want to be able to attach gdb to any process when something goes wrong".

Now, this is why we can't have secure systems.

Somehow, I've never needed to attach GDB to a running process. Start up programs under GDB, yes. Read crash dumps, yes. If you're using a debugger in a production system, something has gone horribly wrong.


> If you're using a debugger in a production system, something has gone horribly wrong.

That's right, hence the debugger.


Or you want to capture accurate core dumps for a tool like ABRT. We (Red Hat) work very closely with customers to find out what is and isn't acceptable to be running on their production systems, including customers who store very sensitive data.


How do you debug rare hangs?


Hooking of what?


Live-patching code so that a call to something becomes a call to something else.


How are you going to prevent this in general? At some point you’re going to make an indirect call.



