[vbox-dev] Does NATNetwork require VBoxNetNAT to be suid?

Sérgio Basto sergio at serjux.com
Tue Apr 11 10:27:51 UTC 2017


On Mon, 2017-04-10 at 13:45 +0200, Klaus Espenlaub wrote:
> Hi Larry,
> 
> On 09.04.2017 20:35, Larry Finger wrote:
> > 
> > The openSUSE change log for VB 5.0.20 contains the line "* NAT Network:
> > File VBoxNetNAT no longer requires suid". (See
> > https://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html) I am
> > not able, however, to find the corresponding line in the Oracle version
> > of the changelog at https://www.virtualbox.org/wiki/Changelog-5.0.
> 
> Because it doesn't exist. From what I can tell this change will simply
> sabotage NAT Network.
> 
> For doing its job VBoxNetNAT needs to connect to an internal network,
> and that's only possible (when hardening is in effect, which it should
> be on all serious packages) if it's suid root.
> 
> > 
> > Does anyone have any recollection of changes in suid for
> > /usr/lib/virtualbox/VBoxNetNAT? My problem is that NATNetwork mode does
> > not work unless I set suid for that file. I'm wondering if there is some
> > other problem with the spec file that openSUSE is using to build our RPM.
> 
> Wonder if the error symptoms are too subtle, tricking the openSUSE
> package maintainer into thinking suid is optional in this case. It's not.

Thanks for the clarification. I also use VBoxNetNAT suid in RPMFusion
rpms; maybe that should be stated somewhere ...

> Klaus
> 
> > 
> > 
> > Thanks,
> > 
> > Larry
-- 
Sérgio M. B.
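
A packaging check for the requirement discussed in this thread, as an added example that is not part of any post above and not VirtualBox or distribution code: it verifies that a helper binary is setuid, owned by the expected uid, and not writable by group or others. The function name and the second parameter are hypothetical; the default path is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: audit a setuid helper after package installation.
# Usage: check_suid_helper [path] [expected_owner_uid]
# Returns 0 if the file passes, 1 on a permission problem, 2 if missing.

check_suid_helper() {
    file=${1:-/usr/lib/virtualbox/VBoxNetNAT}   # path quoted in the thread
    want_uid=${2:-0}                            # 0 = root (parameter is an assumption)

    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }

    # Numeric owner uid is the third field of `ls -ln`.
    owner=$(ls -ln "$file" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $file owned by uid $owner, expected $want_uid"
        return 1
    fi

    # Without the setuid bit the helper runs with the caller's privileges.
    if [ ! -u "$file" ]; then
        echo "FAIL: $file has no setuid bit"
        return 1
    fi

    # A setuid binary that group or others can modify is a privilege
    # escalation risk, so reject it even if the suid bit is present.
    if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $file is group- or world-writable"
        return 1
    fi

    echo "OK: $file is setuid and owned by uid $want_uid"
    return 0
}
```

Calling `check_suid_helper` with no arguments checks the path from the thread for root ownership.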

