Auf 20.01.2011 10:03, Josef Reidinger schrieb:
C write:
On Thu, Jan 20, 2011 at 09:21, Michal Šebeň wrote:
hi folks,
but during tests i found the problem : virtualbox needs full access to usb nodes, which of course, could lead to serious security problem (see bnc#664520 for details) - this means that (currently) virtualbox (provided by suse) doesn't have usb guest support enabled, by default
So went to read the bug report. https://bugzilla.novell.com/show_bug.cgi?id=664520
Under what conditions would this USB access be a risk?
If I understand that bug correctly, then problem is that VBox has full right to access usb ports. So if you run virtual machine and someone use any security hole in Virtual box, then he can with permissions of virtual box sniff e.g. USB keyboard, mouse etc. So problem is that someone who doesn't have full user rights (just vboxuser right) can sniff USB devices and also send output there (consider what you can put to USB).
AFAICS it could be used by the software inside a virtual machine to break out and even get root, e.g. if you booted from a USB disk and that USB disk is accessible directly from inside the virtual machine. Some people use virtualization as a secure sandbox for untrusted code, and they want to make sure that the code inside the VM never can break out (get user rights). Regards, Carl-Daniel -- http://www.hailfinger.org/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org