[vbox-dev] Does NATNetwork require VBoxNetNAT to be suid?
klaus.espenlaub at oracle.com
Mon Apr 10 11:45:39 UTC 2017
On 09.04.2017 20:35, Larry Finger wrote:
> The openSUSE change log for VB 5.0.20 contains the line "* NAT Network:
> File VBoxNetNAT no longer requires suid". (See
> https://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html) I am
> not able, however, to find the corresponding line in the Oracle version
> of the changelog at https://www.virtualbox.org/wiki/Changelog-5.0.
Because it doesn't exist. From what I can tell this change will simply
sabotage NAT Network.
For doing its job VBoxNetNAT needs to connect to an internal network,
and that's only possible (when hardening is in effect, which it should
be on all serious packages) if it's suid root.
> Does anyone have any recollection of changes in suid for
> /usr/lib/virtualbox/VBoxNetNAT? My problem is that NATNetwork mode does
> not work unless I set suid for that file. I'm wondering if there is some
> other problem with the spec file that openSUSE is using to build our RPM.
Wonder if the error symptoms are too subtle, tricking the openSUSE
package maintainer into thinking suid is optional in this case. It's not.
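
A packaging check for the requirement stated in this message, as an added example that is not part of the original thread or of VirtualBox: it verifies that the helper is a regular file, has the setuid bit, is owned by root and is not group- or world-writable. The function name, the return codes and the optional expected-uid argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not VirtualBox code): audit a helper that must be setuid root.
# Return codes (chosen for this example): 0 ok, 1 setuid bit missing,
# 2 not a regular file, 3 wrong owner, 4 group- or world-writable.

check_suid_helper() {
    f=$1
    want_uid=${2:-0}   # hypothetical test hook; a real audit leaves this at 0 (root)

    [ -f "$f" ] || { echo "FAIL: $f is not a regular file"; return 2; }

    # The condition from the message: with hardening in effect the helper
    # needs the setuid bit to connect to an internal network.
    [ -u "$f" ] || { echo "FAIL: $f lacks the setuid bit"; return 1; }

    # Permission string and numeric owner, read portably from ls
    # (-L follows a symlink to the real binary, -n prints the uid as a number).
    info=$(ls -ldnL -- "$f" | awk '{print $1, $3}')
    perms=${info% *}
    uid=${info#* }

    # The setuid bit only grants root when root owns the file.
    [ "$uid" = "$want_uid" ] || {
        echo "FAIL: $f is owned by uid $uid, expected $want_uid"; return 3; }

    # A setuid binary that group or others can modify is a local
    # privilege-escalation risk, so reject it even if the bit is set.
    case $perms in
        ?????w*|????????w*)
            echo "FAIL: $f is group- or world-writable ($perms)"; return 4 ;;
    esac

    echo "OK: $f ($perms, uid $uid)"
}

# Runs only when a path is given, e.g.:
#   sh check_suid.sh /usr/lib/virtualbox/VBoxNetNAT
[ $# -eq 0 ] || check_suid_helper "$@"
```

A setuid bit has no effect on a filesystem mounted `nosuid`, so the mount options of the install directory are worth checking alongside this.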