On Tuesday 23 March 2010, Angel Tsankov wrote:
> Frank Mehnert wrote:
> > On Tuesday 23 March 2010, Angel Tsankov wrote:
> >> Frank Mehnert wrote:
> >>> On Tuesday 23 March 2010, Angel Tsankov wrote:
> >>>> Is there any way to disable the root ownership and group/other
> >>>> writability checks on directories in VBox OSE?
> >>>
> >>> ./configure --disable-hardening
> >>>
> >>> ?
> >>
> >> How about some way that does not disable hardening at all?
> >
> > If hardening is enabled the binaries must be suid root to be
> > able to access the kernel driver. All these checks ensure the
> > integrity of the VirtualBox installation. Either hardening is
> > enabled (which is strongly recommended) or it is disabled (usually
> > for development only). There is no 'weak' hardening.
>
> I guess it will be much easier if I just explain what I want to achieve
> so that you can tell me how to do it, if it is at all possible.
>
> So, I'd like to install VBox OSE in the standard directories, i.e.
> binaries in /usr/bin/, shared libraries below /usr/lib/, docs below
> /usr/share/doc/, etc. I also want all standard directories to be group
> writable. This is not possible with a hardened build, is it?

Well, to use different standard locations for the binaries, have a look at

  debian/LocalConfig.kmk

There we set some config variables (VBOX_PATH_APP_PRIVATE_ARCH,
VBOX_PATH_SHARED_LIBS, ...) to change the installation paths of the
binaries/libs. Of course you have to copy the binaries there yourself.

The other stuff is programmed in

  src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp

around line 356. Actually I don't know why the directory should be
writable for the group but anyway, you can directly change the code.

Kind regards,

Frank
-- 
Dr.-Ing. Frank Mehnert
Registered office: Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten
District Court (Amtsgericht) München: HRB 161028
Managing Director: Thomas Schröder
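
Added example, not part of the original messages and not VirtualBox code: a sketch of the kind of directory check the thread discusses (root ownership, no group/other write bit), applied to a directory and each of its parents. All function and enum names are hypothetical, and walking the parent directories is an assumption of this example.

```cpp
// Added illustration; not taken from SUPR3HardenedVerify.cpp.
// All names below are hypothetical.
#include <sys/stat.h>
#include <cstdio>
#include <string>

enum DirIssue : unsigned {
    DIR_OK = 0,
    DIR_NOT_ROOT_OWNED = 1u << 0, DIR_GROUP_WRITABLE = 1u << 1,
    DIR_OTHER_WRITABLE = 1u << 2, DIR_NOT_A_DIR      = 1u << 3,
    DIR_STAT_FAILED    = 1u << 4
};

// Classify one directory from its stat data alone.
unsigned classify_dir(const struct stat &st)
{
    unsigned issues = DIR_OK;
    if (!S_ISDIR(st.st_mode)) issues |= DIR_NOT_A_DIR;
    if (st.st_uid != 0)       issues |= DIR_NOT_ROOT_OWNED;
    if (st.st_mode & S_IWGRP) issues |= DIR_GROUP_WRITABLE;
    if (st.st_mode & S_IWOTH) issues |= DIR_OTHER_WRITABLE;
    return issues;
}

// Check an absolute directory path and every ancestor up to "/".
// lstat() is used so a symlinked component shows up as DIR_NOT_A_DIR
// instead of being silently followed.
unsigned verify_dir_chain(const std::string &path)
{
    if (path.empty() || path[0] != '/') return DIR_STAT_FAILED;
    std::string cur = path;
    while (cur.size() > 1 && cur.back() == '/') cur.pop_back();
    unsigned issues = DIR_OK;
    for (;;) {
        struct stat st;
        if (lstat(cur.c_str(), &st) != 0) return issues | DIR_STAT_FAILED;
        unsigned found = classify_dir(st);
        if (found) std::fprintf(stderr, "%s: issue mask 0x%x\n", cur.c_str(), found);
        issues |= found;
        if (cur == "/") break;
        std::string::size_type slash = cur.find_last_of('/');
        cur = (slash == 0) ? "/" : cur.substr(0, slash);
    }
    return issues;
}

int main(int argc, char **argv) {
    return verify_dir_chain(argc > 1 ? argv[1] : "/usr/lib") != DIR_OK;
}
```

A group-writable /usr/lib, as asked for in the thread, would make this check return DIR_GROUP_WRITABLE for that directory.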
