[vbox-dev] hardening feature

[Ramshankar]

On 11/12/2014 02:18 AM, Sérgio Basto wrote:
> On Ter, 2014-11-11 at 12:50 +0100, Felix morack wrote:
>> Like so many people i am still running 4.12 due to the "hardening"
>> issues.
> what people ?
>
>> yes, i reported a bunch of them back when we first started, and yes i
>> have since tested all versions up to 4.18.
> where  ?
>
>> We are now nearing a point where i cant deploy 4.12 anymore due to
>> formal security regulations, so i have to get serious about this now.
>>
>> I am therefore looking for a detailed, technical description of this
>> new 'feature' and why devs think it is necessary.
>>
>> Yes, i have the code, but a high level reasoning would be very
>> helpful, especially what has changed with version 4.12. Specifically i
>> am looking for documentation "between" the source code and the manual.
>> Does such a documentation exist in public? Any technical discussion of
>> it perhaps?
>>
>> Background is that i am think about deploying my own custom build with
>> hardening disabled.
> I remember I have to enable h ardening feature on kernel modes (.ko) at
> some point and hardening feature should be enabled , for security
> reasons .
> But I'd like to know what "hardening feature issues" do we have .

Although it's not explicitly mentioned so far, I'm pretty sure the 
hardening issue being discussed in this thread is regarding hardening on 
Windows hosts only.

Also, @ original poster: there is no VirtualBox "4.12" version, are you 
referring to 4.1.2 or 4.3.12 or something else? (Just for the sake of 
correctness)

Regards,
Ram.


> Thanks,
>
>> Which is pretty insane, but there is no chance in hell anything post
>> 4.12 ends up even in proximity to systems whose stability i am
>> responsible for.
>>
>>
>> tb
>>
>>
>> p.s. does vmware have such a feature? How do they handle it?
>>
>>
>> _______________________________________________
>> vbox-dev mailing list
>> vbox-dev at virtualbox.org
>> https://www.virtualbox.org/mailman/listinfo/vbox-dev