Feature Name: Systemtap 2.0
A major new version of systemtap.
- Name: Frank Ch. Eigler
- Email: firstname.lastname@example.org
- Targeted release: Fedora 18
- Last updated: 2012-08-07
- Percentage of completion: 90%
- Ready for build in git-dist; blocked by python-vs-boost grudge match
For this next major release of systemtap, the team is hoping to deliver an optional new backend that allows unprivileged users to instrument their programs, without any kernel module building or root privileges.
Benefit to Fedora
Reduction of security attack surface, by less reliance on setuid / kernel facilities. Increased process introspection capability. Higher performance process introspection. Usability by completely unprivileged users.
Direct impact is limited to this package. However, the <sys/sdt.h> markers embedded in several Fedora libraries and binaries become accessible to more users than before.
How To Test
The packaged testsuite should cover the general capabilities of the tool, to avoid regressions.
User experience from prior versions should not change. Completely unprivileged users should become able to instrument their own programs without any kernel- or root-dependent machinations.
Systemtap upstream needs to release 2.0, though by F18 beta, we could package a pre-release snapshot. The DynInst library is now packaged for Fedora rawhide.
If the pure-userspace work is not completed in time, the then-newest upstream systemtap can be issued for Fedora 18 (version 1.8, already in fedora-updates), and a later dyninst-capable version would be issued as a future update.
"Systemtap 2.0 includes a new prototype backend, which uses DynInst to instrument a user's own binaries at runtime. This backend does not use kernel modules, and does not require root privileges, but is restricted with respect to the kinds of probes and other constructs that a script may use."