diff --git a/build.sh b/build.sh
index 98e0f2c8b..b7d7af254 100755
--- a/build.sh
+++ b/build.sh
@@ -6,11 +6,15 @@
 
 CC="cc -O2 -Wall -Wno-deprecated-declarations -Wno-unused-result"
 
-STATIC_BUILD=1
+STRIP="strip"
 INSTALL_DEPENDENCIES=1
+STATIC_BUILD=1
 
 while [ $1 ]; do
   case $1 in
+    '--debug' | '-d' )
+      STRIP="true"
+      ;;
     '--no-dependencies' | '-n' )
       INSTALL_DEPENDENCIES=0
       ;;
@@ -29,6 +33,7 @@ while [ $1 ]; do
       echo
       echo 'OPTIONS:'
       echo '  -h, --help: Show this help screen'
+      echo '  -d, --debug: Build with debug info.'
       echo '  -n, --no-dependencies: Do not try to install distro specific build dependencies.'
       echo '  -s, --use-shared-libs: Use distro provided shared versions of inotify-tools and openssl.'
       echo '  -c, --clean: Clean all artifacts generated by the build.'
@@ -136,7 +141,7 @@ sed -i "s|CFLAGS += -DXZ_SUPPORT|CFLAGS += -DXZ_SUPPORT -I../../xz-5.2.3/build/i
 sed -i "s|LIBS += -llzma|LIBS += -Bstatic -llzma  -L../../xz-5.2.3/build/lib|g" Makefile
 
 make XZ_SUPPORT=1 mksquashfs # LZ4_SUPPORT=1 did not build yet on CentOS 6
-strip mksquashfs
+$STRIP mksquashfs
 
 cd ../../
 
@@ -165,7 +170,7 @@ objcopy --add-section .sha256_sig=1024_blank_bytes \
 $CC -o runtime ../elf.c ../notify.c ../getsection.c runtime3.o \
     ../squashfuse/.libs/libsquashfuse_ll.a ../squashfuse/.libs/libsquashfuse.a ../squashfuse/.libs/libfuseprivate.a \
     -L../xz-5.2.3/build/lib -Wl,-Bdynamic -lfuse -lpthread -lz -Wl,-Bstatic -llzma -Wl,-Bdynamic -ldl
-strip runtime
+$STRIP runtime
 
 # Test if we can read it back
 readelf -x .upd_info runtime # hexdump
@@ -231,7 +236,7 @@ else
   $CC -o digest ../getsection.c ../digest.c -Wl,-Bdynamic -lssl -lcrypto -lz -ldl
 fi
 
-strip digest
+$STRIP digest
 
 # Compile and link validate tool
 
@@ -243,7 +248,7 @@ else
     -Wl,--as-needed $(pkg-config --cflags --libs glib-2.0) -lz -ldl
 fi
 
-strip validate
+$STRIP validate
 
 # AppRun
 $CC ../AppRun.c -o AppRun
@@ -286,7 +291,7 @@ cd ..
 # Strip and check size and dependencies
 
 rm build/*.o build/1024_blank_bytes
-strip build/* 2>/dev/null
+$STRIP build/* 2>/dev/null
 chmod a+x build/*
 ls -lh build/*
 for FILE in $(ls build/*) ; do
diff --git a/elf.c b/elf.c
index 8262551b1..da583afb6 100644
--- a/elf.c
+++ b/elf.c
@@ -46,7 +46,10 @@ static uint64_t file64_to_cpu(uint64_t val)
 static unsigned long read_elf32(int fd)
 {
 	Elf32_Ehdr ehdr32;
+	Elf32_Shdr shdr32;
+	off_t last_shdr_offset;
 	ssize_t ret;
+	unsigned long sht_end, last_section_end;
 
 	ret = pread(fd, &ehdr32, sizeof(ehdr32), 0);
 	if (ret < 0 || (size_t)ret != sizeof(ehdr32)) {
@@ -59,16 +62,30 @@ static unsigned long read_elf32(int fd)
 	ehdr.e_shentsize	= file16_to_cpu(ehdr32.e_shentsize);
 	ehdr.e_shnum		= file16_to_cpu(ehdr32.e_shnum);
 
-	return(ehdr.e_shoff + (ehdr.e_shentsize * ehdr.e_shnum));
+	last_shdr_offset = ehdr.e_shoff + (ehdr.e_shentsize * (ehdr.e_shnum - 1));
+	ret = pread(fd, &shdr32, sizeof(shdr32), last_shdr_offset);
+	if (ret < 0 || (size_t)ret != sizeof(shdr32)) {
+		fprintf(stderr, "Read of ELF section header from %s failed: %s\n",
+			fname, strerror(errno));
+		exit(10);
+	}
+
+	/* ELF ends either with the table of section headers (SHT) or with a section. */
+	sht_end = ehdr.e_shoff + (ehdr.e_shentsize * ehdr.e_shnum);
+	last_section_end = file64_to_cpu(shdr32.sh_offset) + file64_to_cpu(shdr32.sh_size);
+	return sht_end > last_section_end ? sht_end : last_section_end;
 }
 
 static unsigned long read_elf64(int fd)
 {
 	Elf64_Ehdr ehdr64;
+	Elf64_Shdr shdr64;
+	off_t last_shdr_offset;
 	ssize_t ret;
+	unsigned long sht_end, last_section_end;
 
 	ret = pread(fd, &ehdr64, sizeof(ehdr64), 0);
-	if (ret < 0 || (size_t)ret != sizeof(ehdr)) {
+	if (ret < 0 || (size_t)ret != sizeof(ehdr64)) {
 		fprintf(stderr, "Read of ELF header from %s failed: %s\n",
 			fname, strerror(errno));
 		exit(10);
@@ -78,15 +95,21 @@ static unsigned long read_elf64(int fd)
 	ehdr.e_shentsize	= file16_to_cpu(ehdr64.e_shentsize);
 	ehdr.e_shnum		= file16_to_cpu(ehdr64.e_shnum);
 
-	return(ehdr.e_shoff + (ehdr.e_shentsize * ehdr.e_shnum));
+	last_shdr_offset = ehdr.e_shoff + (ehdr.e_shentsize * (ehdr.e_shnum - 1));
+	ret = pread(fd, &shdr64, sizeof(shdr64), last_shdr_offset);
+	if (ret < 0 || (size_t)ret != sizeof(shdr64)) {
+		fprintf(stderr, "Read of ELF section header from %s failed: %s\n",
+			fname, strerror(errno));
+		exit(10);
+	}
+
+	/* ELF ends either with the table of section headers (SHT) or with a section. */
+	sht_end = ehdr.e_shoff + (ehdr.e_shentsize * ehdr.e_shnum);
+	last_section_end = file64_to_cpu(shdr64.sh_offset) + file64_to_cpu(shdr64.sh_size);
+	return sht_end > last_section_end ? sht_end : last_section_end;
 }
 
 unsigned long get_elf_size(const char *fname)
-/* TODO, FIXME: This assumes that the section header table (SHT) is
-the last part of the ELF. This is usually the case but
-it could also be that the last section is the last part
-of the ELF. This should be checked for.
-*/
 {
 	ssize_t ret;
 	int fd;