[MIR] trace-cmd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
trace-cmd (Ubuntu) |
Fix Released
|
Undecided
|
Nick Rosbrook |
Bug Description
[Availability]
The package trace-cmd is already in Ubuntu universe (Debian sync)
The package trace-cmd build for the architectures it is designed to work on.
It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x
Link to package https:/
[Rationale]
- The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu
- The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain.
- There is no other/better way to solve this that is already in main or should go universe->main instead of this.
- The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS).
[Security]
- No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug.
- No `suid` or `sgid` binaries
- No executable in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs.
- Based on some quick tests, it looks like running trace-cmd is only making sense if run as root.
- Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces.
- I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation.
- Based on the previous elements, a more in-depth security review might be recommended.
- Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/
not have too many, long-term & critical, open bugs
- Ubuntu https:/
- Debian https:/
- Upstream's bug tracker https:/
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does have a test suite but it is not run at build time. I will submit a patch to do so.
- The package runs an autopkgtest, but is a "superficial" one. It is currently passing on amd64, arm64, ppc64el, s390x:
- https:/
- https:/
- https:/
- https:/
- The package does have failing autopkgtests for armhf tests right now, but it seems they always failed. A quick look at the error (Permission denied) suggest it might be fixable.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- The package is planned to be installed by default, but does not ask debconf questions
- Packaging and build is easy https:/
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- There are further dependencies that are not yet in main, MIR for them will follow:
- https:/
- https:/
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be Foundations and I have their acknowledgement for that commitment
- The future owning team is not yet subscribed, but will subscribe to the package before promotion
- The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else?
- This does not use static builds
- This does not use vendored code
- The package was test rebuilt in a PPA recently https:/
[Background information]
The Package description explains the package well.
Upstream Name is trace-cmd
Link to upstream project https:/
Related branches
- Andreas Hasenack: Approve
-
Diff: 14 lines (+4/-0)1 file modifiedstandard (+4/-0)
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in trace-cmd (Ubuntu): | |
status: | Incomplete → New |
Changed in trace-cmd (Ubuntu): | |
assignee: | nobody → Ioanna Alifieraki (joalif) |
tags: | added: sec-3932 |
tags: | added: rls-nn-incoming |
Changed in trace-cmd (Ubuntu): | |
status: | In Progress → Incomplete |
% lintian --pedantic -version 4.6.2 (current is 4.6.0.1)
W: trace-cmd source: newer-standards
P: trace-cmd source: no-homepage-field