Bug ID 1041137
Summary Incorrect warning message about USB passthru risk in VirtualBox
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Virtualization:Tools
Assignee virt-bugs@suse.de
Reporter moritzrakow@web.de
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

## Overview

On first start of VirtualBox, a message pops up (full text below) that warns
the user of risky USB passthru. The message implies that risky USB passthru is
the default option, and to avoid the security hole, some file in /etc/udev
needs to be edited.

>From Bug 1041117 it became clear that message is misleading or incorrect: USB
passthru is by default *disabled* and needs privileges to opt *in*.

## Steps to reproduce

1.  Install VirtualBox.
2.  Start VirtualBox.

## Actual result

(Full text of the warning message)
>   USB passthru opens a security hole. Please read
>
>   https://bugzilla.novel.com/show_bug.cgi?id=664520
>
>   to understand the problem. If you really want/need to use USB passthru
>   and are willing to accept the security risk, then do nothing. To plug the
>   security hole, remove all 'usb' lines from /etc/udev/rules.d/60-
>   vboxdrv.rules.
>
>   This message will not be seen again!

In my interpretation of this, the security risk is said to be the default.

## Expected result

The warning communicates that the default choice is the safe one, and the risky
option needs to be enabled by modifying the associated file.

## Build and hardware

Leap 42.3 build 0253.

## Additional information

Issue was initially discussed as Bug 1041117.

You are receiving this mail because: