[MacPorts] #30992: virtualbox: enable hardening

MacPorts noreply at macports.org
Wed Aug 31 06:47:39 PDT 2011


#30992: virtualbox: enable hardening
-------------------------------------+--------------------------------------
 Reporter:  ryandesign@…             |       Owner:  macports-tickets@…                   
     Type:  enhancement              |      Status:  new                                  
 Priority:  Normal                   |   Milestone:                                       
Component:  ports                    |     Version:  2.0.1                                
 Keywords:                           |        Port:  virtualbox                           
-------------------------------------+--------------------------------------

Comment(by cp@…):

 Hi,

 I am one of the VirtualBox developers. Ryan told us about the new
 VirtualBox port. We would like to have it supported by MacPorts, but not
 enabling hardening is a '''no go'''. As the warning says, such packages
 should not be used in production environments and also not be provided to
 users for security reasons. To help you with that, I checked what has to be
 done in the OSE version to create a version with hardening enabled. The
 following are only minimal changes to your current config, so I hope you
 will integrate them soon.

 1. Remove the `--disable-hardening` configure switch

 2. Add the following to the `LocalConfig.kmk` you create with the patches
 {{{
 VBOX_PATH_APP_PRIVATE="/Applications/MacPorts/VirtualBox.app/Contents/MacOS"
 VBOX_PATH_APP_PRIVATE_ARCH="/Applications/MacPorts/VirtualBox.app/Contents/MacOS"
 VBOX_PATH_SHARED_LIBS="/Applications/MacPorts/VirtualBox.app/Contents/MacOS"
 VBOX_PATH_APP_DOCS="/Applications/MacPorts/VirtualBox.app/Contents/MacOS"
 # Disable the building of any test apps
 VBOX_WITH_TESTSUITE=
 VBOX_WITH_TESTCASES=
 # Disable the build and splitting of the debug symbols
 kBuildGlobalDefaults_LD_DEBUG=
 }}}
 3. Build VirtualBox

 4. Install VirtualBox to `/Applications/MacPorts/`

 5. Execute the following to meet the VirtualBox path requirements
 {{{
 sudo chown -R root:admin /Applications/MacPorts/VirtualBox.app/
 sudo chmod u+s /Applications/MacPorts/VirtualBox.app/Contents/MacOS/VirtualBox
 sudo chmod u+s /Applications/MacPorts/VirtualBox.app/Contents/MacOS/VirtualBoxVM
 sudo chmod u+s /Applications/MacPorts/VirtualBox.app/Contents/MacOS/VBoxHeadless
 sudo chmod u+s /Applications/MacPorts/VirtualBox.app/Contents/MacOS/VBoxNetAdpCtl
 sudo chmod u+s /Applications/MacPorts/VirtualBox.app/Contents/MacOS/VBoxNetDHCP
 }}}
 6. Make sure that all directory parts within `/Applications/MacPorts/`
 are owned by root and there is no part which is writable by 'world' (for
 `/Applications/MacPorts/` this seems to be the case already)

 After that the hardening version of VBox should be working.

 If you have any other questions, please ask.

 Chris

-- 
Ticket URL: <https://trac.macports.org/ticket/30992#comment:1>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
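
One way to audit steps 5 and 6 after installation, as an added example that is not part of the ticket comment and is not MacPorts or VirtualBox code. It checks every directory part from `Contents/MacOS` up to `/Applications/MacPorts` for root ownership and a missing world-write bit, then checks the five binaries for the setuid bit. The function names are illustrative, and the default expected owner of uid 0 is an assumption taken from the `chown root` in step 5.

```shell
#!/bin/sh
# Added example, not from the ticket: audit steps 5 and 6 after installation.
APP=/Applications/MacPorts/VirtualBox.app          # install path from the ticket
BINS="VirtualBox VirtualBoxVM VBoxHeadless VBoxNetAdpCtl VBoxNetDHCP"

# Print "<numeric uid> <10-char mode string>" for a path (ls -ldn is POSIX).
owner_and_mode() {
    ls -ldn -- "$1" | awk '{ print $3, substr($1, 1, 10) }'
}

# check_part PATH UID: fail if PATH is missing, not owned by UID, or world-writable.
check_part() {
    [ -e "$1" ] || { echo "MISSING: $1"; return 1; }
    info=$(owner_and_mode "$1"); uid=${info%% *}; mode=${info#* }; rc=0
    [ "$uid" = "$2" ] || { echo "BAD owner uid=$uid: $1"; rc=1; }
    # Character 9 of the mode string is the write bit for 'other'.
    case $mode in ????????w?) echo "BAD world-writable: $1"; rc=1 ;; esac
    return $rc
}

# check_tree TOP TARGET [UID]: check TARGET and each parent directory up to TOP.
check_tree() {
    top=${1%/}; p=${2%/}; want=${3:-0}; bad=0
    case $p/ in "$top"/*) ;; *) echo "not under $top: $p"; return 2 ;; esac
    while :; do
        check_part "$p" "$want" || bad=1
        [ "$p" = "$top" ] && break
        p=${p%/*}
    done
    return $bad
}

# check_setuid FILE [UID]: FILE must pass check_part and carry the setuid bit.
check_setuid() {
    check_part "$1" "${2:-0}" || return 1
    [ -u "$1" ] || { echo "BAD no setuid bit: $1"; return 1; }
}

# Run the audit only where the port is installed.
if [ -d "$APP" ]; then
    check_tree /Applications/MacPorts "$APP/Contents/MacOS"
    for b in $BINS; do check_setuid "$APP/Contents/MacOS/$b"; done
fi
```

Each failing path is printed with the reason, so the output doubles as a list of what to fix before starting a hardened build.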

