I am able to create, install, start, stop, and delete VMs all without host admin rights, so why should I need host admin rights to get this PDM dylib loaded for my VM?
Ideally, VirtualBox would just load this dylib directly out of my build output folder, but it insists that the dylib and the directory it lives in be owned by root. (Unable to load R3 module… blah blah blah… VERR_SUPLIB_OWNER_NOT_ROOT)
Why must root own my PDM library?
-
- Site Moderator
- Posts: 34369
- Joined: 6. Sep 2008, 22:55
- Primary OS: Linux other
- VBox Version: OSE self-compiled
- Guest OSses: *NIX
Re: Why must root own my PDM library?
Short answer, security.
Perhaps if you explained exactly what it is you are trying to accomplish....
Perhaps if you explained exactly what it is you are trying to accomplish....
Re: Why must root own my PDM library?
I am trying to develop and debug this PDM dylib, which requires frequent rebuilding. Having to jump through hoops to get the dylib owned by root before I can debug it is cumbersome.
What's the longer answer? When I launch a VM from a normal non-admin user account, isn't this PDM dylib also loaded in the context of that same user account? I don't understand the security implications.
What's the longer answer? When I launch a VM from a normal non-admin user account, isn't this PDM dylib also loaded in the context of that same user account? I don't understand the security implications.
-
- Oracle Corporation
- Posts: 3362
- Joined: 7. Jun 2007, 09:11
- Primary OS: Debian Sid
- VBox Version: PUEL
- Guest OSses: Linux, Windows
- Location: Dresden, Germany
- Contact:
Re: Why must root own my PDM library?
The security implications are the following: A normal user can start a VM process but the user cannot change the code. VirtualBox works low-level, some parts of the code are executed at system level. An attacker which is able to change the VirtualBox code can make your computer execute malicious code at system level with all bad consequences.
-
- Oracle Corporation
- Posts: 2973
- Joined: 19. Dec 2007, 15:45
- Primary OS: MS Windows 7
- VBox Version: PUEL
- Guest OSses: Any and all
- Contact:
Re: Why must root own my PDM library?
The short answer is "because whoever owns that dylib owns the entire system". You already got the long answerSeanG wrote:why should I need host admin rights to get this PDM dylib loaded for my VM?