Hello Michael, On Thu, 13 Aug 2009 11:38:38 +0200, Michael Thayer wrote > If you indeed de-installed the VirtualBox networking component, then > the networking parts of VirtualBox are running with the same rights > as any other process the user might start (Mikhail, please correct > me here if I am saying anything wrong for Windows hosts).
Doesn't it have some code running in kernel mode? > Your > users have root rights inside the virtual machine, but on the host > they do not get any special rights as far as networking is concerned > (in fact generally, VirtualBox is designed to run with as few extra > privileges as possible). This can be compared to the way root rights > on one machine in a network doesn't give you special privileges on > other machines. Agree. However, having root rights on the guest os users can run some sort of program that they could not run inside the host os as ordinary users. For example, they can run programs like nmap from the guest os and not from host os simply because they cannot install it in the host os. They could install on guest os any other prohibited program that they could not install on host system (due to the lack of rights and the security policy). > In particular, unless you set up port forwarding, any server which they > set up on a virtual machine will not even be accessible from the host You are right. In fact, since WinXP just allow us to block inbound connections, it is blocked. On the other hand, WinXP does not allow us to block outbound connections. >In particular, all host firewall rules still apply. Yes, the only concern now is with the outbound connections. WinXP's Firewall is not able to block it (just inbound). Regards -- Esta mensagem foi verificada pelo sistema de antivĂrus e acredita-se estar livre de perigo. _______________________________________________ vbox-users mailing list [email protected] http://vbox.innotek.de/mailman/listinfo/vbox-users
