[Mono-dev] Dropping privileges in linux

Wed Dec 21 09:10:00 EST 2005

On 12/21/05, Robert Jordan <robertj at gmx.net> wrote:
> Georgi,
>
> > I am looking for a way to drop privileges of an assembly started as
> > 'root' to a normal user. I found two possible solutions, but didn't
> > succeed with either of them ...
> >
> > a) Using Syscall
> >
> >    Syscall.setgid(1000);
> >    Syscall.setuid(1000);
> >
> >    there 1000 is the uid and gid of an existing user.
> >
> > b) Using WindowsIdentity the way it is described here:
> >
> >    http://pages.infinit.net/ctech/20040405-1133.html
> >
> > In either way I get a 'Segmentation fault' when I execute the
> > assembly. I think there are some kind of memory permissions involved,
> > because when I strace the execution of the assembly I see that the
> > actual seuid and setgid calls are executed.
> >
> > Can anyone give me some hint what I'm doing wrong, or a way to surroud
> > the problem? I'm running Debian 3.1 with mono 1.1.10.
>
> Both (a) and (b) work for me. You may delete root's .wapi
> directory and retry. If it still doesn't work, please post the
> native stack trace you can obtain with gdb.
>

Hi,

Deleting .wapi didn't help. Here is what I get from gdb:

[Thread debugging using libthread_db enabled]
[New Thread -1210345792 (LWP 29757)]
[New Thread -1217918032 (LWP 29760)]
[New Thread -1217999952 (LWP 29761)]

Program received signal SIG33, Real-time event 33.
[Switching to Thread -1217999952 (LWP 29761)]
0xb7f26df2 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/tls/libpthread.so.0
(gdb) bt
#0  0xb7f26df2 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/tls/libpthread.so.0
#1  0x08100287 in mono_pthread_key_for_tls ()
#2  0x081003fb in mono_pthread_key_for_tls ()
#3  0x08100377 in mono_pthread_key_for_tls ()
#4  0x08102e98 in mono_pthread_key_for_tls ()
#5  0x080d208d in mono_gchandle_free ()
#6  0x08098f82 in mono_thread_get_tls_offset ()
#7  0x08103d67 in mono_once ()
#8  0x0810e8b5 in GC_end_blocking ()
#9  0xb7f24cfd in start_thread () from /lib/tls/libpthread.so.0
#10 0xb7e8c13e in clone () from /lib/tls/libc.so.6

And here is 'strace -f':

[pid 30849] munmap(0xb74ef000, 76099)   = 0
[pid 30849] tgkill(30849, 30851, SIGRT_1 <unfinished ...>
[pid 30851] <... futex resumed> )       = -1 EINTR (Interrupted system call)
[pid 30849] <... tgkill resumed> )      = 0
[pid 30851] --- SIGRT_1 (Unknown signal 33) @ 0 (0) ---
[pid 30849] tgkill(30849, 30850, SIGRT_1 <unfinished ...>
[pid 30850] <... nanosleep resumed> 0)  = ? ERESTART_RESTARTBLOCK (To
be restarted)
[pid 30851] setgid32(1000 <unfinished ...>
[pid 30849] <... tgkill resumed> )      = 0
[pid 30850] --- SIGRT_1 (Unknown signal 33) @ 0 (0) ---
[pid 30851] <... setgid32 resumed> )    = 0
[pid 30849] futex(0xbffff9ac, FUTEX_WAIT, 2, NULL <unfinished ...>
[pid 30850] setgid32(1000 <unfinished ...>
[pid 30851] rt_sigreturn(0xb7b88834 <unfinished ...>
[pid 30849] <... futex resumed> )       = -1 EAGAIN (Resource
temporarily unavailable)
[pid 30850] <... setgid32 resumed> )    = 0
[pid 30851] <... rt_sigreturn resumed> ) = -1 EINTR (Interrupted system call)
[pid 30849] futex(0xbffff9ac, FUTEX_WAIT, 1, NULL <unfinished ...>
[pid 30850] futex(0xbffff9ac, FUTEX_WAKE, 1 <unfinished ...>
[pid 30851] clock_gettime(CLOCK_REALTIME,  <unfinished ...>
[pid 30849] <... futex resumed> )       = -1 EAGAIN (Resource temporarily unavai
lable)
[pid 30850] <... futex resumed> )       = 0
[pid 30851] <... clock_gettime resumed> {1135173869, 69518000}) = 0
[pid 30849] setgid32(1000 <unfinished ...>
[pid 30850] rt_sigreturn(0xb7680448 <unfinished ...>
[pid 30851] futex(0xb7b88834, FUTEX_WAIT, 1, {0, 73482000} <unfinished ...>
[pid 30849] <... setgid32 resumed> )    = 0
[pid 30850] <... rt_sigreturn resumed> ) = -1 EINTR (Interrupted system call)
[pid 30850] time(NULL)                  = 1135173869
[pid 30850] semop(557072, 0xb76803a0, 1) = 0
[pid 30850] semop(557072, 0xb76803a0, 1 <unfinished ...>
[pid 30849] tgkill(30849, 30851, SIGRT_1 <unfinished ...>
[pid 30850] <... semop resumed> )       = 0
[pid 30851] <... futex resumed> )       = -1 EINTR (Interrupted system call)
[pid 30849] <... tgkill resumed> )      = 0
[pid 30850] semop(557072, 0xb76803a0, 1 <unfinished ...>
[pid 30851] --- SIGRT_1 (Unknown signal 33) @ 0 (0) ---
[pid 30849] tgkill(30849, 30850, SIGRT_1 <unfinished ...>
[pid 30850] <... semop resumed> )       = 0
[pid 30851] setuid32(1000 <unfinished ...>
[pid 30849] <... tgkill resumed> )      = 0
[pid 30850] --- SIGRT_1 (Unknown signal 33) @ 0 (0) ---
[pid 30851] <... setuid32 resumed> )    = 0
[pid 30849] futex(0xbffff9ac, FUTEX_WAIT, 2, NULL <unfinished ...>
[pid 30851] rt_sigreturn(0xb7b88834 <unfinished ...>
[pid 30850] setuid32(1000 <unfinished ...>
[pid 30849] <... futex resumed> )       = -1 EAGAIN (Resource temporarily unavai
lable)
[pid 30851] <... rt_sigreturn resumed> ) = -1 EINTR (Interrupted system call)
[pid 30850] <... setuid32 resumed> )    = 0
[pid 30849] futex(0xbffff9ac, FUTEX_WAIT, 1, NULL <unfinished ...>
[pid 30851] clock_gettime(CLOCK_REALTIME,  <unfinished ...>
[pid 30850] futex(0xbffff9ac, FUTEX_WAKE, 1 <unfinished ...>
[pid 30849] <... futex resumed> )       = -1 EAGAIN (Resource
temporarily unavailable)
[pid 30851] <... clock_gettime resumed> {1135173869, 70734000}) = 0
[pid 30850] <... futex resumed> )       = 0
[pid 30849] setuid32(1000 <unfinished ...>
[pid 30851] futex(0xb7b88834, FUTEX_WAIT, 1, {0, 72266000} <unfinished ...>
[pid 30850] rt_sigreturn(0x1 <unfinished ...>
[pid 30849] <... setuid32 resumed> )    = 0
[pid 30850] <... rt_sigreturn resumed> ) = 0
[pid 30850] semop(557072, 0xb76803a0, 1) = -1 EACCES (Permission denied)
[pid 30850] waitpid(30849, 0xb7680384, WNOHANG) = -1 ECHILD (No child processes)
[pid 30849] getuid32( <unfinished ...>
[pid 30850] time( <unfinished ...>
[pid 30849] <... getuid32 resumed> )    = 1000
[pid 30850] <... time resumed> NULL)    = 1135173869
[pid 30850] semop(557072, 0xb76802f0, 1) = -1 EACCES (Permission denied)
[pid 30850] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
[pid 30850] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
Process 30850 detached
[pid 30851] <... futex resumed> )       = -1 EINTR (Interrupted system call)
[pid 30851] +++ killed by SIGSEGV +++
+++ killed by SIGSEGV +++

Regards,
Georgi Moskov