On Thu, Jan 20, 2011 at 09:21, Michal Šebeň wrote:
hi folks,
as you might know, since virtualbox 4.0.0 "usb guest support" feature is now open source code, but during tests i found the problem : virtualbox needs full access to usb nodes, which of course, could lead to serious security problem (see bnc#664520 for details) - this means that (currently) virtualbox (provided by suse) doesn't have usb guest support enabled, by default
So went to read the bug report. https://bugzilla.novell.com/show_bug.cgi?id=664520 Have I got this right? .... this "security hole" could allow someone who already has full user rights on the OS to access information that he or she essentially already has rights and access to? That seems like a real non-issue to me... like the Linux exploits that gives someone with root access a way to get root access... Under what conditions would this USB access be a risk? C. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org