Generally speaking, could we not ship an AppArmor profile with it in Ubuntu specifically to prevent default usage of -R and ptracing for the application?

If so, then a default AppArmor profile to prevent usage of -R (depending on how they do it) might be prudent.

I can see this being useful in Main, provided it passes security review.


Thomas

On 4/22/22 17:00, Seth Arnold wrote:
On Fri, Apr 22, 2022 at 09:58:14AM -0700, Bryce Harrington wrote:
LP page:  https://launchpad.net/ubuntu/+source/pv
Or other considerations that need made before deciding?
pv is popular in the OpenZFS communities for use with zfs send | zfs recv
-- as is mbuffer, which exists more to provide much larger buffering than
the usual libc stdio buffers. mbuffer doesn't have progress bars, but does
show throughput:

$ dd if=/dev/urandom | mbuffer > /dev/null
in @ 32.5 MiB/s, out @ 32.5 MiB/s,  166 MiB total, buffer   0% full^C
341133+0 records in
341133+0 records out
174660096 bytes (175 MB, 167 MiB) copied, 5.13954 s, 34.0 MB/s
mbuffer: warning: error during output to <stdout>: canceled
summary:  167 MiByte in  5.1sec - average of 32.4 MiB/s

One feature of pv that slightly worries me is that you can change the
parameters of an already-running instance by running it again, with -R:

        -R PID, --remote PID
               If PID is an instance of pv that is already running,
               -R PID will cause that instance to act as though it
               had been given this instance's command line instead.
               For example, if pv -L 123K is running with process ID
               9876, then running pv -R 9876 -L 321K will cause it to
               start using a rate limit of 321KiB instead of 123KiB.
               Note that some options cannot be changed while
               running, such as -c, -l, -f, -D, -E, and -S.

It's probably fine. (After all, it's possible to disable the yama sysctl
kernel.yama.ptrace_scope and attach a debugger to the process to modify
whatever you want.) But it's also possible it's not fine.

Thanks



--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com