[Bug 1097248] New: USB passthrough opens a security hole in VirtualBox
http://bugzilla.novell.com/show_bug.cgi?id=1097248 Bug ID: 1097248 Summary: USB passthrough opens a security hole in VirtualBox Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Virtualization:Tools Assignee: virt-bugs@suse.de Reporter: danielm@ecoscentric.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Informational box pops up on first instance and refers to a stale bug 664520 "assumed" to have been closed for 42.1/42.3. Either the bug has been resolved and the informational can be deleted, or the bug should be tracked and fixed :) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=1097248 http://bugzilla.novell.com/show_bug.cgi?id=1097248#c1 Larry Finger <Larry.Finger@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #1 from Larry Finger <Larry.Finger@gmail.com> --- This is a security hole no matter what version of openSUSE that is running. If the user wants USB passthrough, and deems the risk to be acceptable, they will never see another popup until file /etc/udev/rules.d/60-vboxdrv.rules is removed. Note: This is not a bug that can be fixed easily. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=1097248 http://bugzilla.novell.com/show_bug.cgi?id=1097248#c2 Daniel Morris <danielm@ecoscentric.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX |--- --- Comment #2 from Daniel Morris <danielm@ecoscentric.com> --- That's logical and a reasonable trade-off between feature and security. However, I think the informational box should be updated to state what-is-what, rather then send a new installer on a self-guided archeological tour of bug reports :) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=1097248 http://bugzilla.novell.com/show_bug.cgi?id=1097248#c3 --- Comment #3 from Larry Finger <Larry.Finger@gmail.com> --- I have made to changes you requested. The revised code will be submitted soon. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=1097248 http://bugzilla.novell.com/show_bug.cgi?id=1097248#c4 --- Comment #4 from Daniel Morris <danielm@ecoscentric.com> --- Thanks Larry. I really appreciate all the work you do as maintainer. VirtualBox is a great utility. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=1097248 http://bugzilla.novell.com/show_bug.cgi?id=1097248#c6 Larry Finger <Larry.Finger@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|--- |FIXED --- Comment #6 from Larry Finger <Larry.Finger@gmail.com> --- Bug fixed. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com