[Pkg-virtualbox-devel] Bug#585951: Bug#585951: virtualbox-ose: should not be set suid
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Jun 15 14:59:34 UTC 2010
On Tue, Jun 15, 2010 at 09:04:34AM +0200, Frank Mehnert wrote:
> You are correct that these binaries are suid root but your deduction
> is wrong. These binaries need access to a kernel interface which is
> provided by the VirtualBox kernel modules. This interface can be used
> to harm complete machine including the kernel. So the access to this
> interface must be restricted.
out of curiosity, why is it that all other kernel module-using
software (e.g. nvidia, fglrx, kvm, etc...) are able to get by without
setting their binaries suid? the fact that only virtualbox requires
suid binaries leads me to believe that this is actually a design flaw.
> It is NOT sufficient to restrict the access to this kernel interface
> to certain users (by choosing proper permissions for /dev/vboxdrv)
> but it must be restricted to certain applications as well. The usual
> practise for doing so is to make the binary suid root. The binary
> will open the restricted interface and will then drop the privileges
> immediately keeping the interface open. This guarantees that only
> dedicated applications can access this kernel interface.
that also provides a potential window for attackers to escalate
privileges through that interface.
would it make sense to spend some time evaluating the kvm
(etc...) interface and adopt their approach if it is reasonable?
best wishes,
mike
More information about the Pkg-virtualbox-devel
mailing list