The macOS and Windows parts of Multipass are currently closed source, the lack of build instructions is the result of that.Īnd basically the same on May 2021 ( #2087): There’s still no way to build Multipass for Windows.Įven if I were inclined to fix all of that myself, there’s still now way to do it.Ī GitHub issue from April 2020 ( #1465) was closed with:.It’s the same kind of tool, but I cant download a Docker ZIP and “install” it using a tiny PowerShell script from Mirantis, or even do everything myself, since it’s so simple. The installer adds the stuff in HKLM\SYSTEM\CurrentControlSet\Services\Multipass? That’s the big deal? I’ll do it myself, and if you want so much to save me the time give me PowerShell script that does that.Įxamples range from utilities such as WizTree, Everything, Sysinternals Suite, FileTest to “system-level” tools such as even Docker.ĭocker is actually a very good candidate for comparison. There are countless programs that really need admin permissions to run, but still provide binaries in ZIP files etc. Why does the installer has to run as admin? Let’s ignore the previous issue and say Multipass has to run as admin. Why does installing Mutipass require admin permissions?.The principle of least privlege is important not only for security but also for stability and safety. The same problems happens with mounts: Since sshfs_server.exe runs as NT AUTHORITY\SYSTEM it’s too easy to mount a privileged directory into the guest and corrupt it from within. But without admin rights you wouldn’t be able to do that nonsense in the first place. You’re not Windows developer so you don’t know how wrong it is to put your stuff in there. There are already examples of this today: Putting Multipass’ data in C:\Windows\System32\config for starters. If I trust Multipass to not be malicious and not try to get system control from being a member of Hyper-V Administrators, it doesn’t mean that I trust Multipass not to have bugs that can cause harm to my machine by accident, when everything runs as LOCAL_SYSTEM. There’s a difference between the ability of malicious code to use the Hyper-V Administrators permissions to do bad things and being a standard admin/SYSTEM that can completely mess up my system by mistake. Note: I’m not saying that there’s no reason to exploit Hyper-V to get admin privileges from being a member of Hyper-V Administrators. This is a major issue for me and a major reason that prevents me from using Multipass outside of the test machine, even before comparing features in Multipass and alternatives. I don’t run as admin things that don’t have to run as admin. I don’t know about VirtualBox, but I can do all those things with Hyper-V from a non-admin account as long as I’m a member of Hyper-V Administrators, which I am. All of them can be performed as a non-admin. I’m assuming multipassd.exe basically performs the various multipass.exe commands ( launch, start, stop, suspend, exec, etc.). Why does Multipass run as admin? Do multipassd.exe and sshfs_server.exe have to run as NT AUTHORITY\SYSTEM?.I have a few problems and questions revolving around the required permissions for installing and using Multipass. I’ve just recently become aware of Multipass and made a few attempts to use it on a Windows test machine.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |