Miguel de Icaza's web log


Securing a Unix Domain Socket: Looking for Help

There is a cool hack that we want to introduce in Mono that would allow a remote process to debug and examine data in a running Mono instance. The hack uses the embeddable compiler.

The proposed extension to Mono would use a socket on /tmp/mono-USER/.mono-PID created by the Mono process and set the permissions to read/write for the owner and nothing for the group or other users.

What can go wrong security-wise with the above setup? What should we check that is not immediately obvious?

So far:


This is a personal web page. Things said here do not represent the position of my employer.