Why must root own my PDM library?

Discussions related to using the OSE version of VirtualBox.

Why must root own my PDM library?

Postby SeanG » 12. Jun 2014, 01:47

I am able to create, install, start, stop, and delete VMs all without host admin rights, so why should I need host admin rights to get this PDM dylib loaded for my VM?

Ideally, VirtualBox would just load this dylib directly out of my build output folder, but it insists that the dylib and the directory it lives in be owned by root. (Unable to load R3 module… blah blah blah… VERR_SUPLIB_OWNER_NOT_ROOT)
SeanG
 
Posts: 2
Joined: 12. Jun 2014, 01:31

Re: Why must root own my PDM library?

Postby Perryg » 12. Jun 2014, 02:29

Short answer, security.
Perhaps if you explained exactly what it is you are trying to accomplish....
Perryg
Site Moderator
 
Posts: 34373
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Why must root own my PDM library?

Postby SeanG » 12. Jun 2014, 20:07

I am trying to develop and debug this PDM dylib, which requires frequent rebuilding. Having to jump through hoops to get the dylib owned by root before I can debug it is cumbersome.

What's the longer answer? When I launch a VM from a normal non-admin user account, isn't this PDM dylib also loaded in the context of that same user account? I don't understand the security implications.
SeanG
 
Posts: 2
Joined: 12. Jun 2014, 01:31

Re: Why must root own my PDM library?

Postby frank » 7. May 2015, 09:18

The security implications are the following: A normal user can start a VM process but the user cannot change the code. VirtualBox works low-level, some parts of the code are executed at system level. An attacker which is able to change the VirtualBox code can make your computer execute malicious code at system level with all bad consequences.
frank
Oracle Corporation
 
Posts: 3362
Joined: 7. Jun 2007, 09:11
Location: Dresden, Germany
Primary OS: Debian Sid
VBox Version: PUEL
Guest OSses: Linux, Windows

Re: Why must root own my PDM library?

Postby michaln » 7. May 2015, 10:12

SeanG wrote:why should I need host admin rights to get this PDM dylib loaded for my VM?

The short answer is "because whoever owns that dylib owns the entire system". You already got the long answer :)
michaln
Oracle Corporation
 
Posts: 2958
Joined: 19. Dec 2007, 15:45
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Any and all


Return to VirtualBox OSE

Who is online

Users browsing this forum: No registered users and 1 guest