Why must root own my PDM library?

Discussions related to using the OSE version of VirtualBox.
Post Reply
SeanG
Posts: 2
Joined: 12. Jun 2014, 01:31

Why must root own my PDM library?

Post by SeanG »

I am able to create, install, start, stop, and delete VMs all without host admin rights, so why should I need host admin rights to get this PDM dylib loaded for my VM?

Ideally, VirtualBox would just load this dylib directly out of my build output folder, but it insists that the dylib and the directory it lives in be owned by root. (Unable to load R3 module… blah blah blah… VERR_SUPLIB_OWNER_NOT_ROOT)
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Why must root own my PDM library?

Post by Perryg »

Short answer, security.
Perhaps if you explained exactly what it is you are trying to accomplish....
SeanG
Posts: 2
Joined: 12. Jun 2014, 01:31

Re: Why must root own my PDM library?

Post by SeanG »

I am trying to develop and debug this PDM dylib, which requires frequent rebuilding. Having to jump through hoops to get the dylib owned by root before I can debug it is cumbersome.

What's the longer answer? When I launch a VM from a normal non-admin user account, isn't this PDM dylib also loaded in the context of that same user account? I don't understand the security implications.
frank
Oracle Corporation
Posts: 3362
Joined: 7. Jun 2007, 09:11
Primary OS: Debian Sid
VBox Version: PUEL
Guest OSses: Linux, Windows
Location: Dresden, Germany
Contact:

Re: Why must root own my PDM library?

Post by frank »

The security implications are the following: A normal user can start a VM process but the user cannot change the code. VirtualBox works low-level, some parts of the code are executed at system level. An attacker which is able to change the VirtualBox code can make your computer execute malicious code at system level with all bad consequences.
michaln
Oracle Corporation
Posts: 2973
Joined: 19. Dec 2007, 15:45
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Any and all
Contact:

Re: Why must root own my PDM library?

Post by michaln »

SeanG wrote:why should I need host admin rights to get this PDM dylib loaded for my VM?
The short answer is "because whoever owns that dylib owns the entire system". You already got the long answer :)
Post Reply