9 Advanced topics

reverse the order of byte 6 and 7.

Using this conversion you will get identical results when converting the binary UUID to the string representation.

The second argument contains information about the guest authentication status. For the first call, it is always set to VRDPAuthGuestNotAsked. If the function returns VRDPAuthDelegateToGuest, a guest authentication is attempted and the method is called again with its result. The result can be granted, denied, or no judgement (the guest component chose, for whatever reason, not to make a decision). If there is a problem with the guest authentication module (e.g. the Additions are not installed or not running, or the guest did not respond within a timeout), the “not reacted” status is returned.
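The two-call sequence described above, as an added example that is not code from the VirtualBox manual or SDK. The enum types are local stand-ins so the block compiles on its own; apart from VRDPAuthGuestNotAsked and VRDPAuthDelegateToGuest, the enumerator names, the `decide` function and the user list are assumptions, and denying on every outcome other than an explicit guest grant is a policy choice of this example.

```c
#include <stddef.h>
#include <string.h>

/* Local stand-ins for the SDK types. Only VRDPAuthGuestNotAsked and
 * VRDPAuthDelegateToGuest are named on this page; the rest are assumed. */
typedef enum {
    VRDPAuthAccessDenied = 0,
    VRDPAuthAccessGranted,
    VRDPAuthDelegateToGuest
} VRDPAuthResult;

typedef enum {
    VRDPAuthGuestNotAsked = 0,   /* first call: guest not consulted yet */
    VRDPAuthGuestAccessDenied,
    VRDPAuthGuestNoJudgement,    /* guest component declined to decide */
    VRDPAuthGuestAccessGranted,
    VRDPAuthGuestNotReacted      /* Additions missing or timed out */
} VRDPAuthGuestJudgement;

/* Hypothetical policy: only users on this constructed list may be
 * vouched for by the guest. */
static int may_delegate(const char *user)
{
    static const char *const allowed[] = { "alice", "bob" };
    if (user == NULL)
        return 0;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(user, allowed[i]) == 0)
            return 1;
    return 0;
}

/* Hypothetical decision function for both calls of the sequence. */
VRDPAuthResult decide(VRDPAuthGuestJudgement guest, const char *user)
{
    switch (guest) {
    case VRDPAuthGuestNotAsked:       /* first call: delegate or refuse */
        return may_delegate(user) ? VRDPAuthDelegateToGuest
                                  : VRDPAuthAccessDenied;
    case VRDPAuthGuestAccessGranted:  /* second call: guest approved */
        /* Re-check the policy; do not assume the first call allowed it. */
        return may_delegate(user) ? VRDPAuthAccessGranted
                                  : VRDPAuthAccessDenied;
    default:                          /* denied, no judgement, not reacted, */
        return VRDPAuthAccessDenied;  /* or unknown value: fail closed      */
    }
}
```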

9.4 Secure labeling with VBoxSDL

When running guest operating systems in fullscreen mode, the guest operating system usually has control over the whole screen. This could present a security risk as the guest operating system might fool the user into thinking that it is either a different system (which might have a higher security level) or it might present messages on the screen that appear to stem from the host operating system.

In order to protect the user against the above-mentioned security risks, the secure labeling feature has been developed. Secure labeling is currently available only for VBoxSDL. When enabled, a portion of the display area is reserved for a label in which a user-defined message is displayed. The label height is set to 20 pixels in VBoxSDL. The label font color and background color can optionally be set as hexadecimal RGB color values. The following syntax is used to enable secure labeling:

VBoxSDL --startvm VMNAME \
    --securelabel --seclabelfnt ~/fonts/arial.ttf \
    --seclabelsiz 14 --seclabelfgcol 00FF00 --seclabelbgcol 00FFFF

In addition to enabling secure labeling, a TrueType font has to be supplied. To use a font size other than 12 point, use the parameter --seclabelsiz.

The label text can be set with

VBoxManage setextradata VMNAME "VBoxSDL/SecureLabel" "The Label"

Changing this label will take effect immediately.

Typically, full screen resolutions are limited to certain “standard” geometries such as 1024 x 768. Increasing this by twenty lines is not usually feasible, so in most cases, VBoxSDL will choose the next higher resolution, e.g. 1280 x 1024, and the guest’s screen will not cover the whole display surface. If VBoxSDL is unable to choose a higher resolution, the secure label will be painted on top of the guest’s screen surface. In order to address the problem of the bottom part of the guest screen being hidden, VBoxSDL can provide custom video modes to the guest that are reduced by the height of the label. For Windows guests and recent Solaris and Linux guests, the VirtualBox Guest

Sun Microsystems 3.0.0 user manual