- Implement a file read/write API in the VBoxSVC service.
- To begin a host->guest drag/drop, the shell service on the host sends a packet containing host and guest paths and files to the GAs running in the guest.
- On receipt the GAs kick off a process which copies the files using calls to the file read/write API mentioned in step 1.
Happily, that isn't how they implemented it. I haven't checked the precise details as I still don't use the feature, but what they've done seems to amount to a hidden shared folder. In step 1 a link is added to the hidden shared folder. In step 3 guest code can only access host files when a link to the file is found - so no access to the entire host drive. Since this is essentially a shared folder service (the devs may not agree on how I mentally model the problem), it will not be any safer or more dangerous than shared folders in general. In both cases the user must perform enabling actions before guest code can access anything or affect anything on the host.