From Bug 1041117 it became clear that message is misleading or incorrect: USB
http://bugzilla.opensuse.org/show_bug.cgi?id=1041137 Bug ID: 1041137 Summary: Incorrect warning message about USB passthru risk in VirtualBox Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Virtualization:Tools Assignee: virt-bugs@suse.de Reporter: moritzrakow@web.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- ## Overview On first start of VirtualBox, a message pops up (full text below) that warns the user of risky USB passthru. The message implies that risky USB passthru is the default option, and to avoid the security hole, some file in /etc/udev needs to be edited. passthru is by default *disabled* and needs privileges to opt *in*. ## Steps to reproduce 1. Install VirtualBox. 2. Start VirtualBox. ## Actual result (Full text of the warning message)
USB passthru opens a security hole. Please read
https://bugzilla.novel.com/show_bug.cgi?id=664520
to understand the problem. If you really want/need to use USB passthru and are willing to accept the security risk, then do nothing. To plug the security hole, remove all 'usb' lines from /etc/udev/rules.d/60- vboxdrv.rules.
This message will not be seen again!
In my interpretation of this, the security risk is said to be the default. ## Expected result The warning communicates that the default choice is the safe one, and the risky option needs to be enabled by modifying the associated file. ## Build and hardware Leap 42.3 build 0253. ## Additional information Issue was initially discussed as Bug 1041117. -- You are receiving this mail because: You are on the CC list for the bug.