> >hehehe, well what got me thinking, is mol runs with root privileges >full time. and macos has no security whatsoever.. so does this mean >that an errant MacOS app can screw with things on the linux side that >would ordinarily be privileged? i would guess not, but its fun to >think about. > >my main concern is the massive setuid root binary that mol is. i >think any debian package should offer to add a group and restrict >permissions to the setuid mol bins.
MOL emulates a virtual machine. So MacOS code cannot access anything outside of this emulated environement. The only security risk I can see is around the fake "drivers" used to communicate between MOL and MacOS. I don't know if they are fully safe against things like buffer overflow attacks or such. Also, make sure not to export to MacOS disk partitions with critical informations ;) Ben.
