There is a cool hack that we want to introduce in Mono that would allow a remote process to debug a examine data in a running Mono instance. The hack uses the embeddable compiler.
The proposed extension to Mono would use a socket on /tmp/mono-USER/.mono-PID created by the Mono process and set the permissions to read/write for the owner and nothing for the group or other users.
What can go wrong security-wise with the above setup? What should we check that is not immediately obvious?
- Create directory with 0600 permissions, bail if mkdir returns anything but 0.
- Create socket in directory; It should be safe at this point, and change the permissions of the socket (is this really needed?).