1

We use Oracle VirtualBox OSE as a part of our custom virtualization infrastructure, and compile it on our CI servers. One of numerous compilation parameters you can add into LocalConfig.kmk, custom configuration file, is VBOX_WITH_HARDENING = 0, which obviously means compiling VirtualBox without Hardening. Also, you could not turn it on, if you compile it yourself.

I could not find in official build instructions, what in "hardening" on the "low-level", as far as I understood it's a some security patch, increasing guest OS-es protection against exploits. However, it still leaves a lot of questions. What is it physically, a driver, a patch, an application? Why Hardening sources are not included in VirtualBox OSE, an open-source product? I mean, how is it possible with the open-source license, which was derived from Sun Microsystems? And the main question, is it possible to compile VirtualBox OSE with Hardening?

  • 1
    There are a lot of questions here, which probably makes it too broad for this site. But anyway I think you might get more joy if you asked this on the VirtualBox forums, which seem reasonably active. [Find them here](https://forums.virtualbox.org/) – APC Sep 30 '18 at 08:08
  • Honestly, I asked several question there and did not receive any answer, except their plans regarding upgrade building toolchain from Visual Studio 2010 to something more modern (nope, they don't have any plans to upgrade in 2018) –  Sep 30 '18 at 10:41

1 Answers1

0

I got it. VirtualBox Hardening enables additional checks for compiled application. For example, you have to specify during the build where exactly your built application is going to be located in the filesystem, and its exact name. If the app does not meet the requirements, as defined during the build process, the app won't run. That's why you cannot relocate VirtualBox.app, and that includes renaming it! "VirtualBox-5.2.18.app" won't run, "VirtualBox.app" will.

Another thing is that you cannot run VirtualBox from its build output location (Debug or Release directory). If you're building a hardened build, you'll see a "Hardening error"