PACT is a research prototype, not production-hardened software. It runs as root, programs hardware performance counters (PEBS/uncore), loads out-of-tree kernel modules, edits the bootloader configuration, and changes machine-wide settings (NUMA demotion, THP, CPU online state, uncore frequency). Run it only on a dedicated or recoverable test machine with console access, never on a shared or production host.
Security fixes, if any, are applied on the default branch and to the most recent tagged release. There is no long-term-support branch and no response-time guarantee.
Please report security issues privately to the maintainers rather than in a public issue:
- Huaicheng Li — huaicheng@vt.edu
Include what you observed, how to reproduce it, and the affected revision
(./src/pact --version). We will acknowledge the report and coordinate a fix as
time permits; this is academic software maintained on a best-effort basis.
In scope: memory-safety and privilege-handling defects in the user-space
runtime (src/) and the setup/run scripts. Out of scope: the risks inherent in
the documented operation (root access, kernel-module loading, boot/BIOS-level
changes) and issues in vendored or upstream third-party code (see
NOTICE), which should be reported to their upstream projects.