Page 1 of 1

[Resolved] Cannot startup: Error -610 in supR3HardenedMainInitRuntime!

Posted: 10. May 2018, 22:38
by untra
Error messageWhen I start the virtualbox gui, nothing happens. When I run virtualbox from the commandline, I get:

Code: Select all

VirtualBox: Error -610 in supR3HardenedMainInitRuntime!
VirtualBox: dlopen("/Applications/VirtualBox.app/Contents/MacOS/VBoxRT.dylib",) failed: <NULL>

VirtualBox: Tip! It may help to reinstall VirtualBox.
Setup:
Host: macOS 10.13.3 (upgraded)
Virtualbox: 5.2.10

Attempted Solutions:
* reinstalling virtualbox
* restarting host after reinstalling
* installing virtualbox from brew cask (same error message)

kextstat | grep -v com.apple:

Code: Select all

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
  141    0 0xffffff7f82915000 0x17000    0x17000    com.Cylance.CyProtectDrvOSX (1) 2973260E-92C0-37B1-A82A-31CEE85AAE37 <7 5 4 3 2 1>
  152    1 0xffffff7f80e18000 0x7000     0x7000     com.bit9.cbsystemproxy (1801.24.61fc3) 6B899A41-5622-34C0-9999-4DD5B52EFEF8 <4 3 1>
  153    0 0xffffff7f80e23000 0x1d000    0x1d000    com.carbonblack.CbOsxSensorProcmon (1801.24.61fc3) 10976376-337F-304D-8060-CAB382444572 <152 7 5 4 3 2 1>
  172    0 0xffffff7f80e6a000 0xc000     0xc000     com.carbonblack.CbOsxSensorNetmon (1801.24.61fc3) B2AE8255-EB3F-358B-8CF5-813092554DF3 <7 5 4 3 1>
  782    1 0xffffff7f847c5000 0x11000    0x11000    com.vmware.kext.vmci (90.8.1) F673BA9E-4370-3867-996E-CA6615DFDE0A <12 5 4 3 1>
  783    0 0xffffff7f847d6000 0x16000    0x16000    com.vmware.kext.vmnet (0752.01.54) 9EDDE1C1-80D8-3154-95A1-25F70585272E <782 5 4 3 1>
  784    0 0xffffff7f847ec000 0x12000    0x12000    com.vmware.kext.vmx86 (0752.01.54) F20CC4A3-BFB5-365B-AEB8-84796FAA26F4 <7 5 4 3 1>
  785    0 0xffffff7f8480a000 0x6000     0x6000     com.vmware.kext.vmioplug.17.1.3 (17.1.3) 4E465B8F-BBF2-3877-BB4B-17398E62310C <55 5 4 3 1>
  912    3 0xffffff7f8474b000 0x64000    0x64000    org.virtualbox.kext.VBoxDrv (5.2.10) B172CB4D-2DAC-34A3-B1ED-8927A492021C <7 5 4 3 1>
  913    0 0xffffff7f847b7000 0x8000     0x8000     org.virtualbox.kext.VBoxUSB (5.2.10) 18BFD538-2E5A-328C-B8BF-DF95DFDDFC6F <912 169 55 7 5 4 3 1>
  914    0 0xffffff7f847af000 0x5000     0x5000     org.virtualbox.kext.VBoxNetFlt (5.2.10) 97411DA8-28E3-3954-85D4-10B616336375 <912 7 5 4 3 1>
  915    0 0xffffff7f84810000 0x6000     0x6000     org.virtualbox.kext.VBoxNetAdp (5.2.10) 4A140B73-8C07-3948-8928-D8700E8C7F8B <912 5 4 1>
Similar tickets:

Code: Select all

ticket/13370
ticket/13371
ticket/13372
Please let me know what other additional details I can provide. I could not find any other similar posts in the OSX forums.
Thanks in advance for any help or suggestions!

Re: Cannot startup: Error -610 in supR3HardenedMainInitRuntime!

Posted: 10. May 2018, 23:15
by socratis
If there's a hardening error while trying to open VirtualBox, then 99% your permissions are out of whack. Post the output of the commands (from /Applications/Utilities/Terminal):
  • 
    ls -ale@ /
    ls -ale@ /Applications
    ls -ale@ /Applications/VirtualBox.app
    ls -ale@ /private/tmp
    
It would be better if you saved the output to a text file (Terminal » menu Shell » Export Text As...), ZIP that file and attach it to your response. See the "Upload attachment" tab below the reply form.

And yes, you do have some suspicious kexts installed, but I don't want to go that route now, the error message points to something else...

Re: Cannot startup: Error -610 in supR3HardenedMainInitRuntime!

Posted: 24. May 2018, 00:26
by untra
Sorry for the late response. I was pulled into a few different directions and forgot I had posted this issue until just now. It is still a problem, but I am glad to be getting some help!

Code: Select all

1.txt ls -ale@ /
2.txt ls -ale@ /Applications
3.txt ls -ale@ /Applications/VirtualBox.app
4.txt ls -ale@ /private/tmp
I attached the output of the following commands to this reply. Thanks again for your assistance, and let me know if there are any further clues I can provide. Cheers!

Re: Cannot startup: Error -610 in supR3HardenedMainInitRuntime!

Posted: 24. May 2018, 10:43
by socratis
socratis wrote:99% your permissions are out of whack.
And indeed they are:
drwxrwxr-x+   63 sam.volin      SECIOUS\Domain Users    2142 May 21 10:44 Applications
and a lot of apps in the Applications directory have the same permissions as well. That's not going to work. You need to fix it by issuing the command:
  • sudo chown root:admin /Applications
I do *not* want to apply this recursively, because I do not know what other application it may disrupt. Anyway, start with that and we see how it goes. Just FYI, here are some apps that were affected:
-rw-r--r--   1 sam.volin  SECIOUS\Domain Users     0 Jul 15  2017 .localized
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 May  9 13:10 BetterTouchTool.app
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Dec  7 18:10 Box Sync.app
drwxr-xr-x   6 sam.volin  SECIOUS\Domain Users   204 Apr 25 10:53 CarbonBlack
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 24 11:34 Cisco Jabber.app
drwxrwxr-x   4 sam.volin  SECIOUS\Domain Users   136 Apr 24 11:52 Cylance
drwxr-xr-x@  3 sam.volin  SECIOUS\Domain Users   102 Apr 30 10:03 Docker.app
drwxrwxr-x   8 sam.volin  SECIOUS\Domain Users   272 May 23 09:01 GoToMeeting
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 27 12:46 GoToMeeting.app
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 24 11:26 Ivanti Agent.app
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 24 11:26 Ivanti Workspaces.app
drwxrwxr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 24 11:38 Microsoft Excel.app
drwxrwxr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 24 11:38 Microsoft OneNote.app
drwxrwxr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 24 11:38 Microsoft Outlook.app
drwxrwxr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 24 11:38 Microsoft PowerPoint.app
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 25 12:39 Microsoft Teams.app
drwxrwxr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 24 11:38 Microsoft Word.app
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Feb 12 13:38 MobilePASS.app
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 24 11:32 Pulse Secure.app
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Mar 30 15:03 Slack.app
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Mar  9 12:16 Visual Studio Code.app
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Apr 22 15:56 iTerm.app
drwxr-xr-x   3 sam.volin  SECIOUS\Domain Users   102 Jan 29 16:49 iTunes.app
i.e. everything non-Apple pretty much...

Based on the dates only, I'd say that the application installer that screwed up your permissions was "Box Sync", but I don't want to reach a hasty conclusion without further evidence.

Finally, I forgot to mention to check the "/Library/Application Support/VirtualBox/" permissions. Here are mine so that you can compare them:
socratis$ ls -al /Library/Application\ Support/VirtualBox/
total 0
drwxr-xr-x   7 root  wheel  238 22 Μαϊ 10:14 .
drwxr-xr-x  22 root  admin  748 22 Μαϊ 10:14 ..
drwxr-xr-x   4 root  wheel  136  9 Μαϊ 13:18 LaunchDaemons
drwxr-xr-x   3 root  wheel  102  9 Μαϊ 13:18 VBoxDrv.kext
drwxr-xr-x   3 root  wheel  102  9 Μαϊ 13:18 VBoxNetAdp.kext
drwxr-xr-x   3 root  wheel  102  9 Μαϊ 13:18 VBoxNetFlt.kext
drwxr-xr-x   3 root  wheel  102  9 Μαϊ 13:18 VBoxUSB.kext

Re: Cannot startup: Error -610 in supR3HardenedMainInitRuntime!

Posted: 24. May 2018, 17:27
by untra
Aha! That fixed it!
sudo chown root:admin /Applications
was the solution here.
Socratis, you are excellent. Thanks so much for your quick responses. Can I ask why its important for root to own the files in the applications directory? And why was that causing the above error message?
Cheers!

Re: Cannot startup: Error -610 in supR3HardenedMainInitRuntime!

Posted: 24. May 2018, 17:46
by socratis
untra wrote:Aha! That fixed it!
Glad to hear that. Marking as [Resolved].
(borderline [WorksForMe] ;) )
untra wrote:Can I ask why its important for root to own the files in the applications directory?
That's a good security practice. For example, an "application" in OSX is really a folder/directory with a special extension; ".app". In that directory, the main program resides in a specific subdirectory, and that's what's launched. For example:
/Applications/Calculator.app/Contents/MacOS/Calculator
Completely hypothetical example
If *I* (the simple user) own that directory and all its files, random virus "CalculatorHijack" (from non-trusted website) could rename that executable file, and inject its own payload in that location:
/Applications/Calculator.app/Contents/MacOS/CalculatorOriginal    <-- Original program
/Applications/Calculator.app/Contents/MacOS/Calculator            <-- Virus
with "Calculator" now being the virus, which launches itself *and* the original Calculator. You don't get to understand a thing, and the virus is running quietly on the background. P0wned.
untra wrote:And why was that causing the above error message?
See above for a (fantastic) case scenario. VirtualBox implements what's known as Hardening; if an application and its key components do not adhere to a set of rules, that could present a security threat to the host or the guests, it won't run. Period.

Count your blessings, it way, way worse in the Windows world, mainly because of its lax security rules, and past mistakes...