[vbox-dev] Does NATNetwork require VBoxNetNAT to be suid?
Sérgio Basto
sergio at serjux.com
Tue Apr 11 10:27:51 GMT 2017
On Mon, 2017-04-10 at 13:45 +0200, Klaus Espenlaub wrote:
> Hi Larry,
>
> On 09.04.2017 20:35, Larry Finger wrote:
> >
> > The openSUSE change log for VB 5.0.20 contains the line "* NAT Network:
> > File VBoxNetNAT no longer requires suid". (See
> > https://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html) I am
> > not able, however, to find the corresponding line in the Oracle version
> > of the changelog at https://www.virtualbox.org/wiki/Changelog-5.0.
>
> Because it doesn't exist. From what I can tell this change will simply
> sabotage NAT Network.
>
> For doing its job VBoxNetNAT needs to connect to an internal network,
> and that's only possible (when hardening is in effect, which it should
> be on all serious packages) if it's suid root.
>
> >
> > Does anyone have any recollection of changes in suid for
> > /usr/lib/virtualbox/VBoxNetNAT? My problem is that NATNetwork mode does
> > not work unless I set suid for that file. I'm wondering if there is some
> > other problem with the spec file that openSUSE is using to build our RPM.
>
> Wonder if the error symptoms are too subtle, tricking the openSUSE
> package maintainer into thinking suid is optional in this case. It's
> not.
Thanks for the clarification. I also use VBoxNetNAT suid in RPMFusion
rpms; maybe that should be stated somewhere ...
> Klaus
>
> >
> >
> > Thanks,
> >
> > Larry
--
Sérgio M. B.