[vbox-dev] how to shutdown VBox open APIs?
Huihong Luo
huisinro at yahoo.com
Thu Dec 9 18:33:54 GMT 2010
I think one can still use VBoxManage.exe to attach another disk, change the settings etc.
--- On Thu, 12/9/10, Alexey Eromenko <al4321 at gmail.com> wrote:
From: Alexey Eromenko <al4321 at gmail.com>
Subject: Re: [vbox-dev] how to shutdown VBox open APIs?
To: vbox-dev at virtualbox.org
Date: Thursday, December 9, 2010, 10:27 AM
On Thu, Dec 9, 2010 at 8:19 PM, Huihong Luo <huisinro at yahoo.com> wrote:
>
> We got more and more users to request how to deliver a vm whose configuration cannot be modified in any way.
>
> VBox is so powerful in its APIs, which is a very good feature compared to other vm software. However, this feature makes it very difficult to prevent people from chaning the vm settings, etc. Any thoughts on this?
>
> VBox uses across process COM communications, so need a way to only allow internal components to use those APIs, but disallow external programs to use it. Even this is done, a hacker can easily hook a DLL's exports, and change the code.
>
> For example, even if a VDI disk is encrypted, I can easily hook VBoxDDU.dll to dump its raw content, and bypass the encryption.
Use OVF -- it is a read-only format... better yet is to burn OVFs on CD-ROM.
OVF can't be changed by mistake.
Snapshots are read-only too. Once you have a snapshot it's settings
can't be changed.
--
-Alexey Eromenko "Technologov"
_______________________________________________
vbox-dev mailing list
vbox-dev at virtualbox.org
http://vbox.innotek.de/mailman/listinfo/vbox-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20101209/cc610a3c/attachment.html>
More information about the vbox-dev
mailing list