There is a cool hack that we want to introduce in Mono that would allow a remote process to debug a examine data in a running Mono instance. The hack uses the embeddable compiler.

The proposed extension to Mono would use a socket on /tmp/mono-USER/.mono-PID created by the Mono process and set the permissions to read/write for the owner and nothing for the group or other users.

What can go wrong security-wise with the above setup? What should we check that is not immediately obvious?

So far:

• Create directory with 0600 permissions, bail if mkdir returns anything but 0.
• Create socket in directory; It should be safe at this point, and change the permissions of the socket (is this really needed?).