[vbox-dev] Hardening levels in VBox OSE?

Angel Tsankov fn42551 at fmi.uni-sofia.bg
Tue Mar 23 04:53:09 PDT 2010


Frank Mehnert wrote:
> On Tuesday 23 March 2010, Angel Tsankov wrote:
>> Frank Mehnert wrote:
>>> On Tuesday 23 March 2010, Angel Tsankov wrote:
>>>> Is there any way to disable the root ownership and group/other
>>>> writability checks on directories in VBox OSE?
>>> ./configure --disable-hardening
>>>
>>> ?
>> How about some way that does not disable hardening at all?
> 
> If hardenening is enabled the binaries must be suid root to be
> able to access the kernel driver. All these checks ensure the
> integrity of the VirtualBox installation. Either hardening is
> enabled (which is strongly recommended) or it is disabled (usually
> for development only). There is no 'weak' hardening.

I guess it will be much easier if I just explain what I want to achieve 
so that you can tell me how to do it, if it is at all possible.

So, I'd like to install VBox OSE in the standard directories, i.e. 
binaries in /usr/bin/, shared libraries below /usr/lib/, docs below 
/usr/share/doc/, etc. I also want all standard directories to be group 
writable.  This is not possible with a hardened build, is it?

Regards,
Angel Tsankov





More information about the vbox-dev mailing list