[Mono-dev] Data protection failed. ---> System.UnauthorizedAccessException: Access to the path "/usr/share/.mono/keypairs/ (Mono-devel-list Digest, Vol 151, Issue 2)

Jo Shields directhex at apebox.org
Mon Nov 13 17:29:08 UTC 2017


Which user is Nginx running as?


Which user is fastcgi-mono-server running as?


Somehow, it thinks that $HOME for the running user is /root


On 13/11/17 12:20, nikhil sehgal wrote:
> Hi all,
>
> Now I have a different scenario: I have mono running as a custom user
> XYZ... however, I am getting an exception that mono can't write keypairs to
> the following path
> /root/.config/.mono/keypairs
>
>
> Why is it trying to write keys to root's path......
>
> I am using nginx+fastcgimono ...
>
>
> And this issue is very random; I got it 3/10 times...
>
> Please help, urgent
>
>
> On Oct 5, 2017 13:03, "nikhil sehgal" <nikhil.jiet at gmail.com> wrote:
>
> Hi All,
>
> While calling ProtectedData.Protect(Encoding.Unicode.GetBytes("XXXXXXXXXXXXXXX"),
> null, DataProtectionScope.LocalMachine);
>
>
> I am getting the following error... I am running my application under
> fast_cgi_mono+nginx and running as a non-root user.
>
> And the following error comes randomly, not always.
>
> I don't want to run my application as the root user for security reasons.
> Please advise.
>
> System.Security.Cryptography.CryptographicException: Data protection
> failed. ---> System.UnauthorizedAccessException: Access to the path
> "/usr/share/.mono/keypairs/[1][98f3a7e3-0d6e-f432-8a18-e1144b53633f][-1].xml"
> is denied.
>    at System.IO.FileStream..ctor (System.String path, System.IO.FileMode
> mode, System.IO.FileAccess access, System.IO.FileShare share, System.Int32
> bufferSize, System.Boolean anonymous, System.IO.FileOptions options)
> [0x001d8] in <77c9551943624fd18301ba6f78a841e5>:0
>    at System.IO.FileStream..ctor (System.String path, System.IO.FileMode
> mode, System.IO.FileAccess access, System.IO.FileShare share) [0x00000] in <
> 77c9551943624fd18301ba6f78a841e5>:0
>    at (wrapper remoting-invoke-with-check) System.IO.FileStream:.ctor
> (string,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare)
>    at System.IO.File.Open (System.String path, System.IO.FileMode mode)
> [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.KeyPairPersistence.Save () [0x00006] in <
> 77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.RSACryptoServiceProvider.OnKeyGenerated
> (System.Object sender, System.EventArgs e) [0x0002f] in <
> 77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.RSAManaged.GenerateKeyPair () [0x00151] in <
> 77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.RSAManaged.EncryptValue (System.Byte[] rgb)
> [0x0001b] in <77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.PKCS1.RSAEP (System.Security.Cryptography.RSA
> rsa, System.Byte[] m) [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.PKCS1.Encrypt_OAEP
> (System.Security.Cryptography.RSA rsa,
> System.Security.Cryptography.HashAlgorithm
> hash, System.Security.Cryptography.RandomNumberGenerator rng, System.Byte[]
> M) [0x000f6] in <77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.Utils.RsaOaepEncrypt
> (System.Security.Cryptography.RSA rsa,
> System.Security.Cryptography.HashAlgorithm
> hash, System.Security.Cryptography.PKCS1MaskGenerationMethod mgf,
> System.Security.Cryptography.RandomNumberGenerator rng, System.Byte[] data)
> [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.RSAOAEPKeyExchangeFormatter.CreateKeyExchange
> (System.Byte[] rgbData) [0x00047] in <77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.RSACryptoServiceProvider.Encrypt
> (System.Byte[] rgb, System.Boolean fOAEP) [0x0001f] in <
> 77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.RSACryptoServiceProvider.Encrypt
> (System.Byte[] data, System.Security.Cryptography.RSAEncryptionPadding
> padding) [0x00045] in <77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.RSAOAEPKeyExchangeFormatter.CreateKeyExchange
> (System.Byte[] rgbData) [0x0002c] in <77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.ManagedProtection.Protect (System.Byte[]
> userData, System.Byte[] optionalEntropy,
> System.Security.Cryptography.DataProtectionScope
> scope) [0x0013e] in <2c890ca2f2c3434ca04011ecd5d57165>:0
>    at System.Security.Cryptography.ProtectedData.Protect (System.Byte[]
> userData, System.Byte[] optionalEntropy,
> System.Security.Cryptography.DataProtectionScope
> scope) [0x00023] in <2c890ca2f2c3434ca04011ecd5d57165>:0
>     --- End of inner exception stack trace ---
>    at System.Security.Cryptography.ProtectedData.Protect (System.Byte[]
> userData, System.Byte[] optionalEntropy,
> System.Security.Cryptography.DataProtectionScope
> scope) [0x0003f] in <2c890ca2f2c3434ca04011ecd5d57165>:0
>    at Writelog.Program.Main (System.String[] args) [0x00010] in <
> e4a1cce0275a48f29c577f83bf71131e>:0
> [ERROR] FATAL UNHANDLED EXCEPTION:
> System.Security.Cryptography.CryptographicException:
> Data protection failed. ---> System.UnauthorizedAccessException: Access to
> the path "/usr/share/.mono/keypairs/[1][98f3a7e3-0d6e-f432-8a18-e1144b53633f][-1].xml"
> is denied.
>    at System.IO.FileStream..ctor (System.String path, System.IO.FileMode
> mode, System.IO.FileAccess access, System.IO.FileShare share, System.Int32
> bufferSize, System.Boolean anonymous, System.IO.FileOptions options)
> [0x001d8] in <77c9551943624fd18301ba6f78a841e5>:0
>    at System.IO.FileStream..ctor (System.String path, System.IO.FileMode
> mode, System.IO.FileAccess access, System.IO.FileShare share) [0x00000] in <
> 77c9551943624fd18301ba6f78a841e5>:0
>    at (wrapper remoting-invoke-with-check) System.IO.FileStream:.ctor
> (string,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare)
>    at System.IO.File.Open (System.String path, System.IO.FileMode mode)
> [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.KeyPairPersistence.Save () [0x00006] in <
> 77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.RSACryptoServiceProvider.OnKeyGenerated
> (System.Object sender, System.EventArgs e) [0x0002f] in <
> 77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.RSAManaged.GenerateKeyPair () [0x00151] in <
> 77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.RSAManaged.EncryptValue (System.Byte[] rgb)
> [0x0001b] in <77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.PKCS1.RSAEP (System.Security.Cryptography.RSA
> rsa, System.Byte[] m) [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.PKCS1.Encrypt_OAEP
> (System.Security.Cryptography.RSA rsa,
> System.Security.Cryptography.HashAlgorithm
> hash, System.Security.Cryptography.RandomNumberGenerator rng, System.Byte[]
> M) [0x000f6] in <77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.Utils.RsaOaepEncrypt
> (System.Security.Cryptography.RSA rsa,
> System.Security.Cryptography.HashAlgorithm
> hash, System.Security.Cryptography.PKCS1MaskGenerationMethod mgf,
> System.Security.Cryptography.RandomNumberGenerator rng, System.Byte[] data)
> [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.RSAOAEPKeyExchangeFormatter.CreateKeyExchange
> (System.Byte[] rgbData) [0x00047] in <77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.RSACryptoServiceProvider.Encrypt
> (System.Byte[] rgb, System.Boolean fOAEP) [0x0001f] in <
> 77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.RSACryptoServiceProvider.Encrypt
> (System.Byte[] data, System.Security.Cryptography.RSAEncryptionPadding
> padding) [0x00045] in <77c9551943624fd18301ba6f78a841e5>:0
>    at System.Security.Cryptography.RSAOAEPKeyExchangeFormatter.CreateKeyExchange
> (System.Byte[] rgbData) [0x0002c] in <77c9551943624fd18301ba6f78a841e5>:0
>    at Mono.Security.Cryptography.ManagedProtection.Protect (System.Byte[]
> userData, System.Byte[] optionalEntropy,
> System.Security.Cryptography.DataProtectionScope
> scope) [0x0013e] in <2c890ca2f2c3434ca04011ecd5d57165>:0
>    at System.Security.Cryptography.ProtectedData.Protect (System.Byte[]
> userData, System.Byte[] optionalEntropy,
> System.Security.Cryptography.DataProtectionScope
> scope) [0x00023] in <2c890ca2f2c3434ca04011ecd5d57165>:0
>     --- End of inner exception stack trace ---
>    at System.Security.Cryptography.ProtectedData.Protect (System.Byte[]
> userData, System.Byte[] optionalEntropy,
> System.Security.Cryptography.DataProtectionScope
> scope) [0x0003f] in <2c890ca2f2c3434ca04011ecd5d57165>:0
>    at Writelog.Program.Main (System.String[] args) [0x00010] in <
> e4a1cce0275a48f29c577f83bf71131e>:0


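Added example, not part of the original thread: a shell sketch of the check the reply's questions lead to, comparing the `HOME` a worker process inherited with the home directory recorded for the account it runs as. The helper names are hypothetical, and it assumes the per-user keypair store sits under `$HOME/.config/.mono/keypairs`, as the `/root/.config/.mono/keypairs` path in the quoted message suggests.

```shell
#!/bin/sh
# Added diagnostic sketch; helper names are hypothetical, not part of Mono.

# Home directory recorded for a user in a passwd-format file.
passwd_home() {  # usage: passwd_home USER [PASSWD_FILE]
    awk -F: -v u="$1" '$1 == u { print $6; exit }' "${2:-/etc/passwd}"
}

# HOME value from a NUL-separated environment dump such as /proc/PID/environ.
env_home() {  # usage: env_home ENVIRON_FILE
    tr '\0' '\n' < "$1" | sed -n 's/^HOME=//p' | head -n 1
}

# Compare the HOME a process inherited with the account's real home.
# Assumption: the user keypair store is $HOME/.config/.mono/keypairs.
check_home() {  # usage: check_home USER ENVIRON_FILE [PASSWD_FILE]
    want=$(passwd_home "$1" "${3:-/etc/passwd}")
    got=$(env_home "$2")
    if [ -z "$got" ]; then
        echo "UNSET user=$1 expected=$want"
    elif [ "$got" = "$want" ]; then
        echo "OK user=$1 HOME=$got"
    else
        echo "MISMATCH user=$1 HOME=$got expected=$want keypairs=$got/.config/.mono/keypairs"
    fi
}

# Live use: report for a running process (needs read access to /proc/PID/environ).
diagnose_pid() {  # usage: diagnose_pid PID
    user=$(ps -o user= -p "$1" | tr -d ' ')
    check_home "$user" "/proc/$1/environ"
}

# Run against any PIDs given on the command line, e.g. the nginx and
# fastcgi-mono-server worker PIDs.
if [ "$#" -gt 0 ]; then
    for pid in "$@"; do diagnose_pid "$pid"; done
fi
```

A `MISMATCH` line for a worker running as a non-root account with `HOME=/root` means the process kept the environment of whoever started it, which is typically corrected in the service definition rather than by loosening permissions on root's directory.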
