VirtualBox

Opened 12 years ago

Closed 8 years ago

#10273 closed enhancement (obsolete)

VirtualBox Support for ASLR

Reported by: DNS
Owned by:
Component: VMM
Version: VirtualBox 4.1.8
Keywords:
Cc:
Guest type: other
Host type: other

Description

Windows Vista has introduced new memory security protections, such as DEP/NX, ASLR (Address Space Layout Randomization) and Heap Corruption Detection, which help to block exploits of common vulnerabilities. Unfortunately VirtualBox still is not compiled to take advantage of these security features. While VirtualBox's code doesn't exhibit any weaknesses, it would be beneficial to be able to use these OS security enhancements as a backstop in the event that the hypervisor is exploited.

There are also reports of there being a similar incompatibility between VirtualBox and ASLR implementations in Linux as well.

Currently, forcing these OS protection settings for VirtualBox's processes causes random and complete system halts. Support for ASLR is easy to accomplish and could probably make it into the next release as all that is needed for it to work is the turning on of a bit in the executable.

Change History (7)

in reply to:  description comment:1 by Hans, 12 years ago

Replying to DNS:

Currently, forcing these OS protection settings for VirtualBox's processes causes random and complete system halts. Support for ASLR is easy to accomplish […] all that is needed for it to work is the turning on of a bit in the executable.

Isn't that a contradiction? I am no expert on this matter but I believe that the linker has to be aware of the ASLR in order to create a fully ASLR-compatible executable. I am not sure what compiler versions Oracle uses but judging from https://www.virtualbox.org/wiki/Windows%20build%20instructions it might be quite vintage and therefore enabling ASLR would require changes to the build environment, so don't anticipate it to be enabled anytime soon.

On a personal note, I too can't wait to see it ASLR enabled as VirtualBox is one of the last of my frequently used applications that hasn't ASLR activated.

comment:2 by Frank Mehnert, 12 years ago

Resolution: fixed
Status: new → closed

As of VBox 4.2, all executables are compiled with /DYNAMICBASE enabled. So marking as fixed.
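
Added example, not part of the ticket or of VirtualBox's code: the bit that /DYNAMICBASE sets is IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE in the PE optional header, and this Python check reads it, together with the related NX and relocation bits, so that a build's binaries can be audited. The names `pe_mitigations` and `sample_pe` are chosen here, and the sample header is constructed test input.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit high-entropy ASLR
    "DYNAMIC_BASE": 0x0040,     # set by link.exe /DYNAMICBASE
    "NX_COMPAT": 0x0100,        # set by link.exe /NXCOMPAT (DEP)
}
IMAGE_FILE_RELOCS_STRIPPED = 0x0001  # COFF Characteristics bit


def pe_mitigations(data: bytes) -> dict:
    """Report the ASLR/DEP opt-in bits of a PE image given its raw bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = pe_off + 24  # 4-byte signature + 20-byte COFF header
    if opt + 72 > len(data):
        raise ValueError("truncated optional header")
    (file_chars,) = struct.unpack_from("<H", data, pe_off + 22)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    report = {name: bool(dll_chars & bit) for name, bit in FLAGS.items()}
    # An image whose relocations were stripped is loaded at its preferred
    # base, so DYNAMIC_BASE alone does not prove the image is randomized.
    report["RELOCS_STRIPPED"] = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return report


def sample_pe(dll_chars: int, file_chars: int = 0x0022) -> bytes:
    """Constructed PE32+ headers only (test input, not a loadable image)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, file_chars)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for path in sys.argv[1:]:  # paths of the .exe/.dll files to audit
        with open(path, "rb") as fh:
            print(path, pe_mitigations(fh.read(4096)))
```
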

comment:3 by Naakka, 12 years ago

With 4.2.0, system wide mandatory ASLR still cannot be used. If it is enabled, all VMs fail to start with a VERR_LDR_MISMATCH_NATIVE error. I guess the VirtualBox drivers still aren't compatible with this?

comment:4 by Frank Mehnert, 12 years ago

Which host are you talking about?

in reply to:  4 comment:5 by Naakka, 12 years ago

Replying to frank:

Which host are you talking about?

Windows 7 64-bit.

comment:6 by Frank Mehnert, 12 years ago

Resolution: fixed
Status: closed → reopened

Thanks for the report, seems we did not test this setting properly.

comment:7 by aeichner, 8 years ago

Resolution: obsolete
Status: reopened → closed

Please reopen if still relevant with a recent VirtualBox release.
