Page 1 of 1

Why must root own my PDM library?

Posted: 12. Jun 2014, 01:47
by SeanG
I am able to create, install, start, stop, and delete VMs all without host admin rights, so why should I need host admin rights to get this PDM dylib loaded for my VM?

Ideally, VirtualBox would just load this dylib directly out of my build output folder, but it insists that the dylib and the directory it lives in be owned by root. (Unable to load R3 module… blah blah blah… VERR_SUPLIB_OWNER_NOT_ROOT)

Re: Why must root own my PDM library?

Posted: 12. Jun 2014, 02:29
by Perryg
Short answer, security.
Perhaps if you explained exactly what it is you are trying to accomplish....

Re: Why must root own my PDM library?

Posted: 12. Jun 2014, 20:07
by SeanG
I am trying to develop and debug this PDM dylib, which requires frequent rebuilding. Having to jump through hoops to get the dylib owned by root before I can debug it is cumbersome.

What's the longer answer? When I launch a VM from a normal non-admin user account, isn't this PDM dylib also loaded in the context of that same user account? I don't understand the security implications.

Re: Why must root own my PDM library?

Posted: 7. May 2015, 09:18
by frank
The security implications are the following: A normal user can start a VM process but the user cannot change the code. VirtualBox works low-level, some parts of the code are executed at system level. An attacker which is able to change the VirtualBox code can make your computer execute malicious code at system level with all bad consequences.

Re: Why must root own my PDM library?

Posted: 7. May 2015, 10:12
by michaln
SeanG wrote:why should I need host admin rights to get this PDM dylib loaded for my VM?
The short answer is "because whoever owns that dylib owns the entire system". You already got the long answer :)