[vbox-dev] Question about setuid-to-root privileges required for Virtual Box binaries on Linux
Knut St. Osmundsen
knut.osmundsen at oracle.com
Sat Mar 15 17:37:15 UTC 2014
I hope you will forgive us our reluctance to discuss product security in
details in public forums. I can assure you, though, that the
set-uid-to-root approach is a necessary and, to our knowledge, secure
measure. Below I've give a couple of clues to help you a tiny bit along.
On 3/14/2014 9:55 PM, Kavita Agarwal wrote:
> There seems to exist a cookie based authentication mechanism for these
> requests. However, static cookie values are used - which may explain
> the need to restrict these requests to be issued by only root to avoid
> an attacker messing with a running VM.
The cookies are still there for hysterical raisins, dating back to long
before VirtualBox was open sourced (IIRC) and the world was a different
place security wise.
> If the /dev/vboxdrv is opened for access to all, a possible attack can
> be that the attacker will guess the pSession pointer and use that as
> an argument in pReq to send fake ioctl requests for other VMs.
If you study the SUPDrv-linux.c file, you will see that the pSession
pointer is associated with the file descriptor for /dev/vboxdrv.
> Please let us know if we are missing something or is our understanding
I'm sorry to have to say this, but I'm afraid your understanding is far
from complete at this point, both with respect to what vboxdrv is
capable of doing and how it works. VirtualBox has become a relatively
complicated affair over the years, so figuring out the more paranoid
parts isn't necessarily straight forward.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the vbox-dev