List:       mono-list
Subject:    Re: [Mono-list] setuid behavior?
From:       IBBoard <ibboard () gmail ! com>
Date:       2013-09-15 18:45:02
Message-ID: 5236002E.1090403 () gmail ! com

Just to explain this:

Normally, you setuid an executable file and then run it. In the normal
case (native Linux binaries or shell scripts) then that is fine as the
thing runs directly.

In the case of Mono then you can't "execute" a .exe directly* and so you
need to run "mono my.exe". When you do that then Mono runs and loads the
.exe as the code, which means that as far as the OS is concerned then
/usr/bin/mono is the thing that runs and not my.exe. That also means
that mono would need to be setuid (or invoked as the right user) rather
than your exe.



Note: it is probably a *terrible* *idea* *™* to keep /usr/bin/mono as
setuid. It should be used sparingly at the best of times, and since Mono
runs arbitrary code for a vast range of apps (rather than being a single
fixed-purpose binary, like cat, vim or visudo or something) then you're
opening yourself up to huge issues and security risks by running it
setuid the whole time. It is much better to wrap it in a no-args shell
script and setuid that.



* Some distros will set it up so that it looks like you're executing it
directly, but it uses a wrapper method that just does the "mono my.exe"
for you -
http://askubuntu.com/questions/20246/running-a-mono-program-without-typing-in-mono-foo-exe



On 13/09/13 06:51, Ian Norton wrote:
> For setuid on the program to work you'd have to setuid mono itself.
> Depending on your deployment scenario you could mkbundle your program
> and setuid the result.
>
> On 11 September 2013 23:32, mickeyf <mickey@thesweetoasis.com
> <mailto:mickey@thesweetoasis.com>> wrote:
>
>     I have an application that uses a udp socket. If I run it "sudo mono
>     myapp.exe" it works fine. If I leave off the sudo it fails when
>     attempting to bind the socket - this is not a surprise.
>
>     However, when I change the owner to root and setuid on myapp.exe, it
>     still fails.
>
>     Is this what I should expect, and what is the preferred way to run
>     this without actually being root?
>
>     thanks
>
>     --
>     View this message in context:
>     http://mono.1490590.n4.nabble.com/setuid-behavior-tp4660850.html
>     Sent from the Mono - General mailing list archive at Nabble.com.
>     _______________________________________________
>     Mono-list maillist  -  Mono-list@lists.ximian.com
>     <mailto:Mono-list@lists.ximian.com>
>     http://lists.ximian.com/mailman/listinfo/mono-list
_______________________________________________
Mono-list maillist  -  Mono-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-list
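
An added example, not part of the original message or of Mono itself: a small Python audit that reports whether a setuid bit on a file actually changes process credentials on Linux, judged by how the kernel loads that file. The function names and the RUNTIMES list are assumptions made for illustration.

```python
import os
import stat
import sys

# Illustrative list (an assumption): general-purpose runtimes that execute
# whatever code they are handed, so a setuid bit on them covers every program.
RUNTIMES = {"mono", "python3", "perl", "ruby", "node", "bash", "sh"}

def exec_kind(header: bytes) -> str:
    """Classify a file by the leading bytes that decide how Linux execve() loads it."""
    if header.startswith(b"\x7fELF"):
        return "elf"      # native binary: becomes the process image itself
    if header.startswith(b"#!"):
        return "script"   # kernel starts the named interpreter instead
    if header.startswith(b"MZ"):
        return "pe"       # .NET/Mono assembly: runs via "mono my.exe" or a wrapper
    return "other"

def setuid_verdict(name: str, mode: int, header: bytes) -> str:
    """Say whether a setuid bit on this file changes the credentials of the process."""
    if not mode & stat.S_ISUID:
        return "no-setuid"
    if exec_kind(header) == "elf":
        # Effective. On a generic runtime this elevates every program it loads.
        return "effective-runtime" if name in RUNTIMES else "effective"
    # Anything else is loaded by another executable (or is not executable at
    # all). Linux takes the credentials from that executable (assuming no
    # binfmt_misc entry registered with the "C" credentials flag), so the bit
    # on this file does nothing.
    return "inert"

def audit(path: str) -> str:
    """Apply setuid_verdict() to a file on disk."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return "no-setuid"
    with open(path, "rb") as fh:
        header = fh.read(4)
    return setuid_verdict(os.path.basename(path), st.st_mode, header)

if __name__ == "__main__":
    # Usage: python3 setuid_audit.py /usr/bin/mono ./myapp.exe
    for p in sys.argv[1:]:
        print(f"{audit(p):18} {p}")
```

A result of "effective-runtime" is the case warned about above; "inert" on myapp.exe is what the original poster observed.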