[vbox-dev] Question about setuid-to-root privileges required for Virtual Box binaries on Linux

Knut St. Osmundsen knut.osmundsen at oracle.com
Sat Mar 15 17:37:15 GMT 2014

Hi Kavita,

I hope you will forgive us our reluctance to discuss product security in 
details in public forums.  I can assure you, though, that the 
set-uid-to-root approach is a necessary and, to our knowledge, secure 
measure.  Below I've give a couple of clues to help you a tiny bit along.

On 3/14/2014 9:55 PM, Kavita Agarwal wrote:
> There seems to exist a cookie based authentication mechanism for these 
> requests. However, static cookie values are used - which may explain 
> the need to restrict these requests to be issued by only root to avoid 
> an attacker messing with a running VM.
The cookies are still there for hysterical raisins, dating back to long 
before VirtualBox was open sourced (IIRC) and the world was a different 
place security wise.

> If the /dev/vboxdrv is opened for access to all, a possible attack can 
> be that the attacker will guess the pSession pointer and use that as 
> an argument in pReq to send fake ioctl requests for other VMs.
If you study the SUPDrv-linux.c file, you will see that the pSession 
pointer is associated with the file descriptor for /dev/vboxdrv.

> Please let us know if we are missing something or is our understanding 
> correct?
I'm sorry to have to say this, but I'm afraid your understanding is far 
from complete at this point, both with respect to what vboxdrv is 
capable of doing and how it works.  VirtualBox has become a relatively 
complicated affair over the years, so figuring out the more paranoid 
parts isn't necessarily straight forward.

Kind Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20140315/8f016ee8/attachment.html>

More information about the vbox-dev mailing list