[Mono-dev] Dropping privileges in linux

Georgi Moskov g.moskov at gmail.com
Sat Dec 24 06:59:00 EST 2005


Hi Miguel,

On 12/24/05, Miguel de Icaza <miguel at ximian.com> wrote:

> We recently discovered that Linux is pretty broken when it comes to
> setuid.
>
> The brokenness does not show up in most programs, but it *might* show up
> with things like Mono.
>
> The problem is that setuid in Linux has no kernel support beyond the
> current thread.  So they had to come up with a hack which essentially
> uses a signal from the invoking thread to all the known threads of the
> application to change their uid.
>
> This works most of the time, but it does not work if any of the threads
> are suspended (for example if the GC has stopped the threads).

Thanks for your answer. I think that now I understand the problem. I
noticed that in Mono the GC is implemented in the libgc library and, as
it is written in the README, the libgc implementation can safely work
with threads and can also cope with signals by deferring them.  Can
you please tell me if there is any way to make the setXid() system
calls work with Mono (maybe by recompiling Mono and/or libgc with
different compile-time options)?

Regards,
Georgi Moskov
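
Added example, not part of the original message and not Mono or libgc code: because the kernel tracks credentials per thread, a process can audit itself after a privilege drop by reading the Uid: line of every entry under /proc/self/task and confirming that no thread was missed. The function names are hypothetical, and the sketch assumes Linux with /proc mounted.

```c
#include <dirent.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Classify one line of a /proc status file.
 * Returns -1 if it is not the "Uid:" line, 1 if the real, effective,
 * saved and filesystem UIDs all equal `expected`, 0 otherwise. */
int uid_line_matches(const char *line, uid_t expected)
{
    unsigned int r, e, s, f;
    if (sscanf(line, "Uid: %u %u %u %u", &r, &e, &s, &f) != 4)
        return -1;
    return r == expected && e == expected && s == expected && f == expected;
}

/* Count the threads of the calling process whose credentials differ
 * from `expected`. Returns -1 if /proc/self/task cannot be read. */
int count_uid_mismatches(uid_t expected)
{
    DIR *tasks = opendir("/proc/self/task");
    struct dirent *ent;
    int bad = 0;
    if (tasks == NULL) return -1;
    while ((ent = readdir(tasks)) != NULL) {
        char path[288], line[256];
        FILE *fp;
        if (ent->d_name[0] == '.') continue;      /* skip "." and ".." */
        snprintf(path, sizeof path, "/proc/self/task/%s/status", ent->d_name);
        if ((fp = fopen(path, "r")) == NULL) continue;  /* thread exited */
        while (fgets(line, sizeof line, fp) != NULL) {
            int m = uid_line_matches(line, expected);
            if (m >= 0) { bad += (m == 0); break; }
        }
        fclose(fp);
    }
    closedir(tasks);
    return bad;
}

int main(void)
{
    /* In a real program, call this right after the setuid() drop. */
    int bad = count_uid_mismatches(getuid());
    printf("threads with unexpected UIDs: %d\n", bad);
    return bad != 0;
}
```

A non-zero count after dropping privileges means at least one thread still holds the old real, effective, saved or filesystem UID, and the process should abort rather than continue.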
