Mailinglist Archive: opensuse-bugs (4297 mails)

< Previous Next >
[Bug 1041137] New: Incorrect warning message about USB passthru risk in VirtualBox
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sun, 28 May 2017 19:07:06 +0000
  • Message-id: <bug-1041137-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1041137


Bug ID: 1041137
Summary: Incorrect warning message about USB passthru risk in
VirtualBox
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Virtualization:Tools
Assignee: virt-bugs@xxxxxxx
Reporter: moritzrakow@xxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

## Overview

On first start of VirtualBox, a message pops up (full text below) that warns
the user of risky USB passthru. The message implies that risky USB passthru is
the default option, and to avoid the security hole, some file in /etc/udev
needs to be edited.

From Bug 1041117 it became clear that message is misleading or incorrect: USB
passthru is by default *disabled* and needs privileges to opt *in*.

## Steps to reproduce

1. Install VirtualBox.
2. Start VirtualBox.

## Actual result

(Full text of the warning message)
USB passthru opens a security hole. Please read

https://bugzilla.novel.com/show_bug.cgi?id=664520

to understand the problem. If you really want/need to use USB passthru
and are willing to accept the security risk, then do nothing. To plug the
security hole, remove all 'usb' lines from /etc/udev/rules.d/60-
vboxdrv.rules.

This message will not be seen again!

In my interpretation of this, the security risk is said to be the default.

## Expected result

The warning communicates that the default choice is the safe one, and the risky
option needs to be enabled by modifying the associated file.

## Build and hardware

Leap 42.3 build 0253.

## Additional information

Issue was initially discussed as Bug 1041117.

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
This Thread
  • No further messages