On Mar 23, 2010, at 12:53 PM, Angel Tsankov wrote: > Frank Mehnert wrote: >> On Tuesday 23 March 2010, Angel Tsankov wrote: >>> Frank Mehnert wrote: >>>> On Tuesday 23 March 2010, Angel Tsankov wrote: >>>>> Is there any way to disable the root ownership and group/other >>>>> writability checks on directories in VBox OSE? >>>> ./configure --disable-hardening >>>> >>>> ? >>> How about some way that does not disable hardening at all? >> If hardenening is enabled the binaries must be suid root to be >> able to access the kernel driver. All these checks ensure the >> integrity of the VirtualBox installation. Either hardening is >> enabled (which is strongly recommended) or it is disabled (usually >> for development only). There is no 'weak' hardening. > > I guess it will be much easier if I just explain what I want to achieve so > that you can tell me how to do it, if it is at all possible. > > So, I'd like to install VBox OSE in the standard directories, i.e. binaries > in /usr/bin/, shared libraries below /usr/lib/, docs below /usr/share/doc/, > etc. I also want all standard directories to be group writable. This is not > possible with a hardened build, is it?
No, it's not possible. Hardened == paranoid + simple, so, we do not want to run the risk that someone has added themselves to the root group. -- Kind regards / Mit freundlichen Gruessen / Vennlig hilsen, Knut -- Sun Microsystems GmbH Knut St. Osmundsen Werkstrasse 24 Senior Staff Engineer, VirtualBox 71384 Weinstadt, Germany mailto:[email protected] ================================================== Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1, D-85551 Kirchheim-Heimstetten Amtsgericht Muenchen: HRB 161028 Gesch?ftsf?hrer: Thomas Schroeder, Wolfgang Engels Vorsitzender des Aufsichtsrates: Martin Haering ================================================== _______________________________________________ vbox-dev mailing list [email protected] http://vbox.innotek.de/mailman/listinfo/vbox-dev
