Ubuntu specifically to prevent default usage of -R and ptracing for the
application?
If so, then a default apparmor profile to prevent usage of -R (depending
on how they do it) might be prudent.
I can see this being useful in Main, provided it passes security review.
Thomas
On 4/22/22 17:00, Seth Arnold wrote:
> On Fri, Apr 22, 2022 at 09:58:14AM -0700, Bryce Harrington wrote:
>> LP page: https://launchpad.net/ubuntu/+source/pv
>> Or other considerations that need made before deciding?
> pv is popular in the OpenZFS communities for use with zfs send | zfs recv
> -- as is mbuffer, which exists more to provide much larger buffering than
> the usual libc stdio buffers. mbuffer doesn't have progress bars, but does
> show throughput:
>
> $ dd if=/dev/urandom | mbuffer > /dev/null
> in @ 32.5 MiB/s, out @ 32.5 MiB/s, 166 MiB total, buffer 0% full^C
> 341133+0 records in
> 341133+0 records out
> 174660096 bytes (175 MB, 167 MiB) copied, 5.13954 s, 34.0 MB/s
> mbuffer: warning: error during output to <stdout>: canceled
> summary: 167 MiByte in 5.1sec - average of 32.4 MiB/s
>
> One feature of pv that slightly worries me is that you can change the
> parameters of an already-running instance by running it again, with -R:
>
> -R PID, --remote PID
> If PID is an instance of pv that is already running,
> -R PID will cause that instance to act as though it
> had been given this instance's command line instead.
> For example, if pv -L 123K is running with process ID
> 9876, then running pv -R 9876 -L 321K will cause it to
> start using a rate limit of 321KiB instead of 123KiB.
> Note that some options cannot be changed while
> running, such as -c, -l, -f, -D, -E, and -S.
>
> It's probably fine. (Afterall, it's possible to disable the yama sysctl
> kernel.yama.ptrace_scope and attach a debugger to the process to modify
> whatever you want.) But it's also possible it's not fine.
>
> Thanks
>
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
