Monday, February 18, 2008

Mono trickery


I always spot the best bugs during coding. While coding tjmd5 (see last posting) I ran across
an interesting mono feature. For each 'foo' C# file that it compiles it looks up 'foo.so'
in /usr, /usr/lib etc. directories and 'foo.so.la' in the cwd. This can be abused to execute
arbitrary code while someone is just compiling a C# file. I am not sure about the impact since
you can say that the dude is executing the .exe after he compiled it. Well.
Depending on the comments you all make I will decide whether this is something to tell Miguel :-)
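
A pre-build check for the lookup described above, as an added example that is not part of the original post or of Mono: it flags any 'foo.so.la' sitting next to a 'foo.cs' and any 'foo.so' in the system directories. The function name and the directory list (taken from the post and the second comment) are assumptions.

```python
import os
import sys

# Directories named in the post and its comments (assumption: the post's
# "etc" is not expanded; pass your own tuple to cover more locations).
SYSTEM_DIRS = ("/usr", "/usr/lib", "/lib")


def find_shadowing_libs(src_dir, system_dirs=SYSTEM_DIRS):
    """Return (source, library_path, where) for each library file that the
    lookup described in the post would match when compiling inside src_dir."""
    findings = []
    for name in sorted(os.listdir(src_dir)):
        base, ext = os.path.splitext(name)
        if ext != ".cs":
            continue
        # 'foo.so.la' in the current working directory (here: src_dir).
        local = os.path.join(src_dir, base + ".so.la")
        if os.path.lexists(local):
            findings.append((name, local, "cwd"))
        # 'foo.so' in the system directories, e.g. libc.cs -> /lib/libc.so.
        for d in system_dirs:
            candidate = os.path.join(d, base + ".so")
            if os.path.lexists(candidate):
                findings.append((name, candidate, "system"))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = find_shadowing_libs(target)
    for source, lib, where in hits:
        print(f"{source}: would match {lib} ({where})")
    sys.exit(1 if hits else 0)
```

Run it on a source tree from an untrusted origin before compiling; a non-zero exit means at least one source file name lines up with a library file.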

5 comments:

Anonymous said...

Hello,

This is Mono's AOT support, you can disable it by using -O=-aot

Anonymous said...

-O=-aot is a switch for mono runtime itself.
The "bug" is about the mcs compiler
which does not know about AOT.
Note that code is executed during
*compilation* not during *run*.
Additionally if you name a .cs file
like libc.cs it will load /lib/libc.so
which may have some weird side effects.

Anonymous said...

I was unable to reproduce this problem.

Anonymous said...

Using mono 1.2.6 (latest download from
their site).

An strace shows that it tries to
open lots of bar.so in various places.
Additionally it uses mode 0666 for bar.exe
and a chmod afterwards...
I hope I did not mess up my mono install
after rpm -U with their rpms but
it seems to work all fine, including
compilation and running C# files.

Anonymous said...

To the owner of this blog, how far you've come?