[MIR] ust

Why does Mir need to dynamically insert tracing code into the kernel?

Thanks

Blockers:
* The tests aren't being run. They should be.
* What team is looking after this in Ubuntu? There should be a bug subscriber.

Comments:
* It would be nice to see a symbols file. If you've got time, please file a bug with Debian about it.
* Otherwise, looks fine. Nice to be in sync with Debian, only one bug filed (multiarch support issue), modern packaging

Bug subscriber added

The tests are disabled in the upstream package so it's not a matter of enabling them in our build - upstream doesn't consider them to work.

OK, I looked at tests, and yeah, they're a hodgepodge. The runtests script is out of date, the individual tests are sometimes demos, sometimes manual scripts, etc. So not something we can easily rely on like "make check".

So from my perspective, it's fine. But Jamie requested a security review, so that's the blocker now.

Scratch that, Jamie said not to block the MIR on him.

We shouldn't block Mir on the security review, but I'd like to have an answer to Seth's question before we promote this one.

Hi, I helped with the initial liblttng-ust package for Debian, and by some weird coincidence, I stumble onto this bug today!

The systemtap dependency is for variadic SystemTap probes support. In fact only the sdt.h header is required, and the dpendency was added to avoid copying over this header into the UST tree. It's completely optional also, the package passes "--with-sdt" to configure, which is not even default upstream.

Moved to main, since Alex's answer seems to cover this. Leaving the bug open for security review if wanted.

I reviewed ust version 2.1.1-2 as checked into saucy. This should not
be considered a full security audit, but rather a quick guage of code
quality.

- ust provides portions of the userspace components of LTTng, which
  provides a tracing toolkit that can trace both userspace and kernelspace
  execution using centralized "session daemons" that control the
  collection of tracing information.
- Build-depends include liburcu, uuid, texinfo, and systemtap
- Does not use cryptography
- Tracing system uses local Unix networking
- This source package doesn't provide daemons or services
- No cron jobs
- Build logs are clean (mktemp(3) warnings are irrelevant)
- No subprocesses spawned
- Memory management is careful, includes very nice hierarchical memory
  management front-end for many objects, ad hoc objects and strings are
  carefully managed
- Very little file manipulation outside of the (disabled) tests
- Shared memory segment handled carefully
- Client <-> server tracing sockets handled carefully
- All logging functions looked safe
- Environment variables used safely
- Code looked privilege-aware but not privilege-necessary
- No temporary files
- No WebKit

This code solves extremely complicated technical problems and may
represent an incredible support burden should we ever need to extend
this code beyond its current abilities without help from upstream.

This package was programmed in a professional manner with high-quality
code throughout.

Security team ACK for including in main.

Thanks

Marking Fix Released then, as it was pre-promoted.