[Mono-dev] Dropping privileges in linux
lupus at ximian.com
Mon Jan 2 07:27:07 EST 2006
On 12/24/05 Miguel de Icaza wrote:
> > > > I am looking for a way to drop privileges of an assembly started as
> > > > 'root' to a normal user. I found two possible solutions, but didn't
> > > > succeed with either of them ...
> > > >
> > > > a) Using Syscall
> > > >
> > > > Syscall.setgid(1000);
> > > > Syscall.setuid(1000);
> > > >
> > > > there 1000 is the uid and gid of an existing user.
> We recently discovered that Linux is pretty broken when it comes to
> The brokeness does not show up in most programs, but it *might* show up
> with things like Mono.
> The problem is that setuid in Linux has no kernel support beyond the
> current thread. So they had to come up with a hack which essentially
> uses a signal from the invoking thread to all the known threads of the
> application to change their uid.
> This works most of the time, but it does not work if any of the threads
> are suspended (for example if the GC has stopped the threads).
I don't think the segfault has anything to do with the kernel issue.
Using strace, the signal to handle the propagation to the threads of the
uid info is sent unconditionally, even when the uid is the same as the
current. Moreover, the segv happens inside the io-layer (even if it's
inside libc for me, it happens after an assertion in io-layer fails).
I think it might be related to the shared files the io-layer mmaps:
once the uid is changed it could be that the memory is no longer
accessible (changing just the gid causes no segv). Changing perms on the
files doesn't fix the issue, so I'm not completely positive on this...
Even if we could solve this, though, it would be wrong for a user
process to still use /root/.wapi/*: we'd need to provide an API that
changes user and does all the needed setup correctly.
lupus at debian.org debian/rules
lupus at ximian.com Monkeys do it better
More information about the Mono-devel-list