[Mono-bugs] [Bug 542677] Add capability to run remote debugging with a specified account

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Tue Oct 20 09:37:45 EDT 2009 

http://bugzilla.novell.com/show_bug.cgi?id=542677

User martin at novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=542677#c3


Martin Baulig <martin at novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




--- Comment #3 from Martin Baulig <martin at novell.com>  2009-10-20 07:37:44 MDT ---
We will almost certainly not implement this and I strongly oppose any attempt
of even trying.

"Fixing" this basically means running monovs-server.exe as root - either
directly or by sudo / pam authentication or some other means, it doesn't
matter.  One way or the other, the server would get extended privileges to do
the user switching.

On Linux, user switching is done with the setuid() system call, which requires
effective root permissions - there's no way for instance to switch from joe to
mike without having root access.  However, this is unacceptable anyways since
Mono hasn't been security audited yet, so we can't make the server setuid root.

The only other option is setting up sudo or ssh to invoke the server as another
user.

This is also unacceptable because we don't do what perl calls "taint checking":

The monovs-server accepts input via .NET remoting, but Mono's remoting
implementation hasn't been security audited to be safe in setuid environments -
an attacker could easily compromise the system's security by passing malicious
data.

And I mean by design, the server is used to execute arbitrary user-supplied
code.

It's just so easy to simply ssh into the linux box as the correct user and
start monovs-server there (you can even use a different port), that it's simply
not worth worrying about this.

The risk of opening any security leaks is simply too high.

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list