Summary: it's possible to transfer files freely between host and VMs, without being restricted to declared Shared Folders.
I'm running VMWare Player 6.0.3 + Tools under Win7/32, in general without problems. However, I've just discovered what seems to be a major security issue; it may have been there for years, I never checked. On both a CentOS Linux VM and a Windows XP VM I have set Shared Folders to Always enabled; two folders are shared, C:\Users\<name>\Desktop\VMWare (a subdirectory on the desktop) and R:\ (a RAM drive). "Map as a network drive in Windows guests" is ticked in the Windows VM. There is no option for one folder to be always shared, the other only until next poweroff (re point 2 below). I made a few tests, and was easily able to drag and drop files from both VMs (running one at a time) to the host WITHOUT RESTRICTION TO THE SHARED FOLDERS; I copied files from VM desktop to host desktop (not the declared "VMWare" directory), from host desktop to VM desktop, and from a random host directory (C:\TMP) to the VM and then back to the host desktop.
1. Serious, major issue: the VM seems to have free run of the host, not just the shared directories.
2. Minor point: the VMX file (all sharedFolder entries listed below) indicates <sharedFolder0.expiration = "session"> but <sharedFolder1.expiration = "never">; shouldn't they be the same, "never" as Shares Folders are Always enabled?
I have set shared folders up only via Settings, not direct VMX editing. The VMX has:
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.readAccess = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\Users\<name>\Desktop\VMWare"
sharedFolder0.guestName = "Xfer"
sharedFolder0.expiration = "session"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "TRUE"
sharedFolder1.readAccess = "TRUE"
sharedFolder1.writeAccess = "TRUE"
sharedFolder1.hostPath = "R:\"
sharedFolder1.guestName = "RamDrive"
sharedFolder1.expiration = "never"
This worries me; I sometimes deliberately try to expose VMs to viruses, in the expectation that there is a Chinese wall between host and VM, save for the shared directories.
Am I dong something wrong, is this expected behaviour, or is it a VMWare Player error?
Best wishes