[vbox-dev] how to shutdown VBox open APIs?
Alexey Eromenko
al4321 at gmail.com
Thu Dec 9 18:27:17 GMT 2010
On Thu, Dec 9, 2010 at 8:19 PM, Huihong Luo <huisinro at yahoo.com> wrote:
>
> We got more and more users to request how to deliver a vm whose configuration cannot be modified in any way.
>
> VBox is so powerful in its APIs, which is a very good feature compared to other vm software. However, this feature makes it very difficult to prevent people from chaning the vm settings, etc. Any thoughts on this?
>
> VBox uses across process COM communications, so need a way to only allow internal components to use those APIs, but disallow external programs to use it. Even this is done, a hacker can easily hook a DLL's exports, and change the code.
>
> For example, even if a VDI disk is encrypted, I can easily hook VBoxDDU.dll to dump its raw content, and bypass the encryption.
Use OVF -- it is a read-only format... better yet is to burn OVFs on CD-ROM.
OVF can't be changed by mistake.
Snapshots are read-only too. Once you have a snapshot it's settings
can't be changed.
--
-Alexey Eromenko "Technologov"
More information about the vbox-dev
mailing list