Ticket #18680 (new enhancement)
Create symbolic links in shared folders without administrator priviledges using new Windows 10 Developer Mode
Reported by: | asmala | Owned by: | |
---|---|---|---|
Component: | shared folders | Version: | VirtualBox 6.0.8 |
Keywords: | symlink | Cc: | |
Guest type: | Linux | Host type: | Windows |
Description
Starting with Windows 10 Insiders build 14972 symlinks can be created without needing to elevate the console as administrator. The prerequisite is to enable Developer Mode, and after that any user on the machine can
- Run the mklink command without elevating a command-line console
- Use CreateSymbolicLink API if additional dwFlags option SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE is set to 0x2.
Since even after enabling the Developer Mode VirtualBox has to be run as Administrator in order to create symlinks in shard folders, I assume the method 2 i.e. API calls are used to create them.
My enhancement request: Please add the SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE to the API call when creating symlinks to shared folders under Windows 10 so Administrator priviledges are not required when Developer Mode is enabled.
Change History
Note: See
TracTickets for help on using
tickets.
I'd say this is a legitimate issue, and a legitimate request, and one that is probably easily fixed. Fixing it has the benefits that:
Your assumption appears correct; the flag is not anywhere in the code from what I can see. Here is where the call to CreateSymbolicLink (actually CreateSymbolicLinkA) is made, in kBuild:
https://www.virtualbox.org/browser/kBuild/trunk/src/kmk/kmkbuiltin/mscfakes.c?rev=3387#L442
This is the only call to CreateSymbolicLinkA and it relies on is_directory which never includes the bit 0x2 (i.e. SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE).
Documentation for this can be found here: https://docs.microsoft.com/en-gb/windows/win32/api/winbase/nf-winbase-createsymboliclinka?redirectedfrom=MSDN#SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE
I originally expected that we could just add SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE unconditionally and it would either be safely ignored, or safely used, depending on the Windows version and state of "Developer Mode" but instead older versions of Windows might react to this as an invalid parameter. See Eryk Sun's comment on this.