On Thu, Jan 20, 2011 at 09:21, Michal Šebeň wrote:
as you might know, since virtualbox 4.0.0 "usb guest support" feature
is now open source code,
but during tests i found the problem : virtualbox needs full access to
usb nodes, which of course, could lead to serious security problem
(see bnc#664520 for details) - this means that (currently) virtualbox
(provided by suse) doesn't have usb guest support enabled, by default
So went to read the bug report.
Have I got this right? .... this "security hole" could allow someone
who already has full user rights on the OS to access information that
he or she essentially already has rights and access to?
That seems like a real non-issue to me... like the Linux exploits that
gives someone with root access a way to get root access...
Under what conditions would this USB access be a risk?
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-factory+help(a)opensuse.org