[vbox-dev] Custom gui frontend: custom ExtPack or other means of direct host/guest com?

Ivo Smits Ivo at UFO-Net.nl
Fri Oct 14 18:33:44 GMT 2011

Op 14-10-2011 19:10, aep schreef:
>> On Linux systems, you
>> can either run everything as root, or make a call to RTR3InitAndSUPLib
>> (in VBoxXPCOMC.so) as root and then drop privileges and set up the VM.
> which has a hardcoded list of binaries that are allowed to run.
> If you touch that, then you have to recompile SVC.
>> I've documented this (an alternative frontend in C#/.Net for Windows
>> and Linux) on my blog: http://wp.ufo-net.nl/tag/virtualbox/ - where
>> you can also find a link to my sourcecode.
> that sounds promising, but how did you solve the security thingy 
> problems.
> Do you just make every user recompile everything?
No. The code is started as root (suid bit set), calls RTR3InitAndSUPLib 
(which apparently has no checks when ran as root), and then drops 
privileges. In my case, the call to RTR3InitAndSUPLib could be made 
either from the C# application (before dropping privileges), or more 
secure, from a wrapper application that calls RTR3InitAndSUPLib and then 
drops privileges and loads the actual program.

The RTR3InitAndSUPLib function is as far as I know not part of the 
official API, but is exported nevertheles. The sourcecode for the 
wrapper application is at 
and is linked against VBoxXPCOMC.so (although you could probably resolve 
the symbol at run time). I think you can not use exec() in the wrapper, 
since some handle is opened with the close-on-exec option.


More information about the vbox-dev mailing list