Bug ID | 1041137 |
---|---|
Summary | Incorrect warning message about USB passthru risk in VirtualBox |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.3 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Virtualization:Tools |
Assignee | virt-bugs@suse.de |
Reporter | moritzrakow@web.de |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
## Overview On first start of VirtualBox, a message pops up (full text below) that warns the user of risky USB passthru. The message implies that risky USB passthru is the default option, and to avoid the security hole, some file in /etc/udev needs to be edited. >From Bug 1041117 it became clear that message is misleading or incorrect: USB passthru is by default *disabled* and needs privileges to opt *in*. ## Steps to reproduce 1. Install VirtualBox. 2. Start VirtualBox. ## Actual result (Full text of the warning message) > USB passthru opens a security hole. Please read > > https://bugzilla.novel.com/show_bug.cgi?id=664520 > > to understand the problem. If you really want/need to use USB passthru > and are willing to accept the security risk, then do nothing. To plug the > security hole, remove all 'usb' lines from /etc/udev/rules.d/60- > vboxdrv.rules. > > This message will not be seen again! In my interpretation of this, the security risk is said to be the default. ## Expected result The warning communicates that the default choice is the safe one, and the risky option needs to be enabled by modifying the associated file. ## Build and hardware Leap 42.3 build 0253. ## Additional information Issue was initially discussed as Bug 1041117.