SUPR3HardenedVerify.cpp revision 3ca89d9d8c4fc158ba28bdf82c9cc3697625ce12
b442af56a5e2104663b84fb345c070ce185d4ab3slive * VirtualBox Support Library - Verification of Hardened Installation.
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding * Copyright (C) 2006-2008 Sun Microsystems, Inc.
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding * This file is part of VirtualBox Open Source Edition (OSE), as
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding * available from http://www.virtualbox.org. This file is free software;
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding * you can redistribute it and/or modify it under the terms of the GNU
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding * General Public License (GPL) as published by the Free Software
acc36ab93565d2880447d535da6ca6e5feac7a70nd * Foundation, in version 2 as it comes in the "COPYING" file of the
acc36ab93565d2880447d535da6ca6e5feac7a70nd * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
acc36ab93565d2880447d535da6ca6e5feac7a70nd * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
acc36ab93565d2880447d535da6ca6e5feac7a70nd * The contents of this file may alternatively be used under the terms
acc36ab93565d2880447d535da6ca6e5feac7a70nd * of the Common Development and Distribution License Version 1.0
acc36ab93565d2880447d535da6ca6e5feac7a70nd * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
acc36ab93565d2880447d535da6ca6e5feac7a70nd * VirtualBox OSE distribution, in which case the provisions of the
acc36ab93565d2880447d535da6ca6e5feac7a70nd * CDDL are applicable instead of those of the GPL.
7db9f691a00ead175b03335457ca296a33ddf31bnd * You may elect to license modified versions of this file under the
b442af56a5e2104663b84fb345c070ce185d4ab3slive * terms and conditions of either the GPL or the CDDL or both.
b442af56a5e2104663b84fb345c070ce185d4ab3slive * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
b442af56a5e2104663b84fb345c070ce185d4ab3slive * Clara, CA 95054 USA or visit http://www.sun.com if you need
654d8eb036bedc99e90e11910ee02d3421417697rbowen * additional information or have any questions.
b442af56a5e2104663b84fb345c070ce185d4ab3slive/*******************************************************************************
b442af56a5e2104663b84fb345c070ce185d4ab3slive* Header Files *
b442af56a5e2104663b84fb345c070ce185d4ab3slive*******************************************************************************/
c0c6c6e1fc6d75274623ec07b635725c5ffaaa20rbowen#else /* UNIXes */
d4c13075c38c47d33dbab174e69f0dae9ecb4b28nd/*******************************************************************************
b442af56a5e2104663b84fb345c070ce185d4ab3slive* Global Variables *
844a895a7e909808ee5b1bd431de3832c407eab4noirin*******************************************************************************/
b442af56a5e2104663b84fb345c070ce185d4ab3slive * The files that get verified.
b47bddbe88fb1489893591d69d4ccab9b873af68humbedooh * @todo This needs reviewing against the linux packages.
b47bddbe88fb1489893591d69d4ccab9b873af68humbedooh * @todo The excessive use of kSupID_SharedLib needs to be reviewed at some point. For
b47bddbe88fb1489893591d69d4ccab9b873af68humbedooh * the time being we're building the linux packages with SharedLib pointing to
b47bddbe88fb1489893591d69d4ccab9b873af68humbedooh * AppPrivArch (lazy bird).
b442af56a5e2104663b84fb345c070ce185d4ab3slive /* type, dir, fOpt, "pszFile" */
b442af56a5e2104663b84fb345c070ce185d4ab3slive /* ---------------------------------------------------------------------- */
b47bddbe88fb1489893591d69d4ccab9b873af68humbedooh { kSupIFT_Dll, kSupID_AppPrivArch, false, "VBoxDDR0.r0" },
cf02129aebf73dd0bdf369b172eb481ff76ac5f6colm { kSupIFT_Dll, kSupID_AppPrivArch, false, "VBoxDD2R0.r0" },
a166215fba9f76030a979c81f95becff52f5aeefrbowen { kSupIFT_Dll, kSupID_AppPrivArch, false, "VBoxDDGC.gc" },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_AppPrivArch, false, "VBoxDD2GC.gc" },
a166215fba9f76030a979c81f95becff52f5aeefrbowen { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxRT" SUPLIB_DLL_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxVMM" SUPLIB_DLL_SUFF },
a166215fba9f76030a979c81f95becff52f5aeefrbowen { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxREM" SUPLIB_DLL_SUFF },
a166215fba9f76030a979c81f95becff52f5aeefrbowen { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxREM32" SUPLIB_DLL_SUFF },
2104559c61c6056b2f4ef117748af1871b467e81rbowen { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxREM64" SUPLIB_DLL_SUFF },
2104559c61c6056b2f4ef117748af1871b467e81rbowen { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxDD" SUPLIB_DLL_SUFF },
2104559c61c6056b2f4ef117748af1871b467e81rbowen { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxDD2" SUPLIB_DLL_SUFF },
2104559c61c6056b2f4ef117748af1871b467e81rbowen { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxDDU" SUPLIB_DLL_SUFF },
a166215fba9f76030a979c81f95becff52f5aeefrbowen//#ifdef VBOX_WITH_DEBUGGER_GUI
b442af56a5e2104663b84fb345c070ce185d4ab3slive { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxDbg" SUPLIB_DLL_SUFF },
b442af56a5e2104663b84fb345c070ce185d4ab3slive { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxDbg3" SUPLIB_DLL_SUFF },
b442af56a5e2104663b84fb345c070ce185d4ab3slive//#ifdef VBOX_WITH_SHARED_CLIPBOARD
1d9308ed0075062953a246d16bcda888a1be1adeslive { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxSharedClipboard" SUPLIB_DLL_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim//#ifdef VBOX_WITH_SHARED_FOLDERS
844a895a7e909808ee5b1bd431de3832c407eab4noirin { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxSharedFolders" SUPLIB_DLL_SUFF },
c0c6c6e1fc6d75274623ec07b635725c5ffaaa20rbowen//#ifdef VBOX_WITH_GUEST_PROPS
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxGuestPropSvc" SUPLIB_DLL_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxSharedCrOpenGL" SUPLIB_DLL_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxOGLhostcrutil" SUPLIB_DLL_SUFF },
844a895a7e909808ee5b1bd431de3832c407eab4noirin { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxOGLhosterrorspu" SUPLIB_DLL_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxOGLrenderspu" SUPLIB_DLL_SUFF },
c0c6c6e1fc6d75274623ec07b635725c5ffaaa20rbowen { kSupIFT_Exe, kSupID_AppBin, true, "VBoxManage" SUPLIB_EXE_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Exe, kSupID_AppBin, false, "VBoxSVC" SUPLIB_EXE_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxSettings" SUPLIB_DLL_SUFF },
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd { kSupIFT_Dll, kSupID_AppPrivArchComp, false, "VBoxC" SUPLIB_DLL_SUFF },
ef26e16090b1b00e96bb5eb1bee6f9cee4651466jwoolley { kSupIFT_Exe, kSupID_AppPrivArch, false, "VBoxXPCOMIPCD" SUPLIB_EXE_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxXPCOM" SUPLIB_DLL_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_AppPrivArchComp, false, "VBoxXPCOMIPCC" SUPLIB_DLL_SUFF },
4566c682d671cfda9cfcb77ea3f8e3fb8a265010trawick { kSupIFT_Dll, kSupID_AppPrivArchComp, false, "VBoxC" SUPLIB_DLL_SUFF },
b442af56a5e2104663b84fb345c070ce185d4ab3slive { kSupIFT_Dll, kSupID_AppPrivArchComp, false, "VBoxSVCM" SUPLIB_DLL_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Data, kSupID_AppPrivArchComp, false, "VBoxXPCOMBase.xpt" },
b442af56a5e2104663b84fb345c070ce185d4ab3slive//#ifdef VBOX_WITH_VRDP
d4c13075c38c47d33dbab174e69f0dae9ecb4b28nd { kSupIFT_Dll, kSupID_SharedLib, true, "VRDPAuth" SUPLIB_DLL_SUFF },
b47bddbe88fb1489893591d69d4ccab9b873af68humbedooh { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxVRDP" SUPLIB_DLL_SUFF },
b47bddbe88fb1489893591d69d4ccab9b873af68humbedooh//#ifdef VBOX_WITH_HEADLESS
d4c13075c38c47d33dbab174e69f0dae9ecb4b28nd { kSupIFT_Exe, kSupID_AppBin, true, "VBoxHeadless" SUPLIB_EXE_SUFF },
b442af56a5e2104663b84fb345c070ce185d4ab3slive { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxHeadless" SUPLIB_DLL_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxFFmpegFB" SUPLIB_DLL_SUFF },
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd//#ifdef VBOX_WITH_QTGUI
a1ef40892ffa2b44fc249423c5b6c42a74a84c68nd { kSupIFT_Exe, kSupID_AppBin, true, "VirtualBox" SUPLIB_EXE_SUFF },
b442af56a5e2104663b84fb345c070ce185d4ab3slive { kSupIFT_Dll, kSupID_AppPrivArch, true, "VirtualBox" SUPLIB_DLL_SUFF },
b442af56a5e2104663b84fb345c070ce185d4ab3slive# if !defined(RT_OS_DARWIN) && !defined(RT_OS_WINDOWS) && !defined(RT_OS_OS2)
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxKeyboard" SUPLIB_DLL_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim//#ifdef VBOX_WITH_VBOXSDL
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Exe, kSupID_AppBin, true, "VBoxSDL" SUPLIB_EXE_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxSDL" SUPLIB_DLL_SUFF },
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier//#ifdef VBOX_WITH_VBOXBFE
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier { kSupIFT_Exe, kSupID_AppBin, true, "VBoxBFE" SUPLIB_EXE_SUFF },
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxBFE" SUPLIB_DLL_SUFF },
d4c13075c38c47d33dbab174e69f0dae9ecb4b28nd//#ifdef VBOX_WITH_WEBSERVICES
b47bddbe88fb1489893591d69d4ccab9b873af68humbedooh { kSupIFT_Exe, kSupID_AppBin, true, "vboxwebsrv" SUPLIB_EXE_SUFF },
4e9f8c5414e5fe39b5393641533edca65f6e8b91poirier { kSupIFT_Exe, kSupID_AppBin, true, "VBoxTunctl" SUPLIB_EXE_SUFF },
b442af56a5e2104663b84fb345c070ce185d4ab3slive//#ifdef VBOX_WITH_NETFLT
b442af56a5e2104663b84fb345c070ce185d4ab3slive { kSupIFT_Exe, kSupID_AppBin, true, "VBoxNetDHCP" SUPLIB_EXE_SUFF },
844a895a7e909808ee5b1bd431de3832c407eab4noirin { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxNetDHCP" SUPLIB_DLL_SUFF },
9530629c5ba74f47ba0bad2cd4f432c9c5cd4ff4slive/** Array parallel to g_aSupInstallFiles containing per-file status info. */
844a895a7e909808ee5b1bd431de3832c407eab4noirinstatic SUPVERIFIEDFILE g_aSupVerifiedFiles[RT_ELEMENTS(g_aSupInstallFiles)];
9530629c5ba74f47ba0bad2cd4f432c9c5cd4ff4slive/** Array indexed by install directory specifier containing info about verified directories. */
844a895a7e909808ee5b1bd431de3832c407eab4noirin * Assembles the path to a directory.
9530629c5ba74f47ba0bad2cd4f432c9c5cd4ff4slive * @returns VINF_SUCCESS on success, some error code on failure (fFatal
9530629c5ba74f47ba0bad2cd4f432c9c5cd4ff4slive * decides whether it returns or not).
b442af56a5e2104663b84fb345c070ce185d4ab3slive * @param enmDir The directory.
b442af56a5e2104663b84fb345c070ce185d4ab3slive * @param pszDst Where to assemble the path.
int rc;
switch (enmDir)
case kSupID_AppBin: /** @todo fix this AppBin crap (uncertain wtf some binaries actually are installed). */
case kSupID_Bin:
case kSupID_SharedLib:
case kSupID_AppPrivArch:
case kSupID_AppPrivArchComp:
case kSupID_AppPrivNoArch:
return rc;
* @param fWithFilename If set, the filename is included, otherwise it is omitted (no trailing slash).
static int supR3HardenedMakeFilePath(PCSUPINSTFILE pFile, char *pszDst, size_t cchDst, bool fWithFilename, bool fFatal)
return rc;
#if defined(RT_OS_WINDOWS)
NULL,
NULL);
if (fd >= 0)
"supR3HardenedVerifyDir: Cannot trust the directory \"%s\": group and/or other writable (st_mode=0%lo)\n",
return rc;
#if defined(RT_OS_WINDOWS)
NULL,
NULL);
if (fLeaveFileOpen)
if (fd >= 0)
if (fLeaveFileOpen)
"supR3HardenedVerifyFileInternal: Cannot trust the file \"%s\": group and/or other writable (st_mode=0%lo)\n",
return rc;
return rc;
#if defined(RT_OS_WINDOWS)
return VINF_SUCCESS;
return rc;
return VERR_NOT_FOUND;
bool fExe = false;
bool fDll = false;
if (fDll)
fDll = true;
if (fExe)
fExe = true;
int rc2 = supR3HardenedPathProgram(szFilename, sizeof(szFilename) - cchProgName - sizeof(SUPLIB_EXE_SUFF));
else if (!fExe)
else if (!fDll)
return rc;
if (pszProgName)
return rc;
return VERR_VERSION_MISMATCH;
return VERR_VERSION_MISMATCH;
return VERR_WRONG_ORDER;
return VINF_SUCCESS;