[vbox-dev] Does NATNetwork require VBoxNetNAT to be suid?

Larry Finger Larry.Finger at lwfinger.net
Mon Apr 10 16:42:15 GMT 2017


On 04/10/2017 06:45 AM, Klaus Espenlaub wrote:
> Hi Larry,
>
> On 09.04.2017 20:35, Larry Finger wrote:
>> The openSUSE change log for VB 5.0.20 contains the line "* NAT Network:
>> File VBoxNetNAT no longer requires suid". (See
>> https://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html) I am
>> not able, however, to find the corresponding line in the Oracle version
>> of the changelog at https://www.virtualbox.org/wiki/Changelog-5.0.
>
> Because it doesn't exist. From what I can tell this change will simply sabotage
> NAT Network.
>
> For doing its job VBoxNetNAT needs to connect to an internal network, and that's
> only possible (when hardening is in effect, which it should be on all serious
> packages) if it's suid root.
>
>> Does anyone have any recollection of changes in suid for
>> /usr/lib/virtualbox/VBoxNetNAT? My problem is that NATNetwork mode does
>> not work unless I set suid for that file. I'm wondering if there is some
>> other problem with the spec file that openSUSE is using to build our RPM.
>
> Wonder if the error symptoms are too subtle, tricking the openSUSE package
> maintainer into thinking suid is optional in this case. It's not.

Klaus,

Thanks. I thought that was the case, but now I'm sure.

Larry
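
An added example, not part of the thread and not VirtualBox or openSUSE packaging code: a post-install check that the packaged binary is still setuid root, which would catch a spec-file change like the one discussed above. The function names are hypothetical, and the extra check for group/other write permission is an assumption of this example, not something the thread states.

```shell
#!/bin/sh
# Added example: audit that a hardened helper binary kept its setuid-root mode.

# classify_mode MODE UID: classify an `ls -ln` mode string and numeric owner
# uid. Prints one word; returns 0 only for "ok".
classify_mode() {
    mode=$1 uid=$2
    case $mode in
        ???s*) ;;                                   # setuid and owner-executable
        ???S*) echo suid-not-executable; return 1 ;; # setuid bit set, exec bit missing
        *)     echo no-suid; return 1 ;;
    esac
    if [ "$uid" != 0 ]; then echo suid-not-root; return 1; fi
    # A setuid-root file that group or others can write is unsafe
    # (assumption of this example, not a statement from the thread).
    case $mode in
        ?????w*|????????w*) echo writable-by-non-owner; return 1 ;;
    esac
    echo ok
}

# audit_suid_root [PATH]: apply the check to a file on disk.
# The default path is the one named in the thread.
audit_suid_root() {
    f=${1:-/usr/lib/virtualbox/VBoxNetNAT}
    [ -f "$f" ] || { echo missing; return 2; }
    # Field 1 of `ls -lnL` is the mode string, field 3 the numeric owner uid;
    # -L follows a symlink to the real binary.
    classify_mode $(ls -lnL -- "$f" | awk '{print $1, $3}')
}
```

Calling `audit_suid_root` with no argument after a package install or update prints `ok` only when the file is owned by uid 0 with the setuid bit set; `no-suid` corresponds to the state in which NAT Network stops working according to the thread.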





