[Mono-dev] Dropping privileges in linux

Miguel de Icaza miguel at ximian.com
Sat Dec 24 00:00:51 EST 2005


Hello,

> > > I am looking for a way to drop privileges of an assembly started as
> > > 'root' to a normal user. I found two possible solutions, but didn't
> > > succeed with either of them ...
> > >
> > > a) Using Syscall
> > >
> > >    Syscall.setgid(1000);
> > >    Syscall.setuid(1000);
> > >
> > >    there 1000 is the uid and gid of an existing user.

We recently discovered that Linux is pretty broken when it comes to
setuid.

The brokeness does not show up in most programs, but it *might* show up
with things like Mono.

The problem is that setuid in Linux has no kernel support beyond the
current thread.  So they had to come up with a hack which essentially
uses a signal from the invoking thread to all the known threads of the
application to change their uid.

This works most of the time, but it does not work if any of the threads
are suspended (for example if the GC has stopped the threads).

Miguel.



More information about the Mono-devel-list mailing list