Opened 14 months ago
Last modified 2 months ago
#21809 new defect
Unshared Folder Seems Accessible via Symbolic Links
| Reported by: | hit1t | Owned by: | |
|---|---|---|---|
| Component: | shared folders | Version: | VirtualBox-6.1.44 |
| Keywords: | | Cc: | hit1t |
| Guest type: | Windows | Host type: | Linux |
Description
Hi,
I wanted to discuss something that has caught my attention and might need a bit of assistance. It's related to security, and I believe we've stumbled upon a minor hiccup. Here's what I've observed:
Shared Folder: /home/hit1t/Desktop/OnlySharedFolder
Test Folder: /home/hit1t/test
To provide you with a complete picture, I established a symbolic link to the Test Folder on my Desktop using this command:
ln -s /home/hit1t/test ~/Desktop/test
Now, here comes the interesting part: When I moved this symlink file to the shared directory, it surprisingly allowed access to the 'Test' folder from the Guest OS. This caught my attention because it has the potential to allow users access to information that hasn't been explicitly shared, which could inadvertently compromise security.
Wondering about your thoughts on this, thanks.
Change History (5)
follow-up: 4 comment:2 by , 14 months ago
comment:4 by , 13 months ago
Thanks for sharing your thoughts on that. That's right, I meant the symlink file that linked to the folder outside of the 'Shared Folder'. I quite agree with you that the security controls and responsibilities can be given to the end-user. There are also nice protections on the Guest box: they can't create any symlinks by default.
However, in this case it seemed to me a bit of a grey area: if a host-user mistakenly moved the symlink to the shared folder, or wanted to store some symlinks there, I'd expect a permission, consent or guidance for accepting this risk. Just thinking out loud, without fully understanding some of the features of Shared Folder Settings like 'Full Access' etc. The documentation does not really contain much detail on Shared Folders from the perspective of Host containerising, rather much about Guest box configuration. If there is any mentioning of use cases of symlinks in details so host-user can be aware of not moving any symlinks there or do it deliberately due to it can break out of the shared folder.
My comments are mostly approaching this from the end-user perspective; I'm unsure about the scenarios in the commercial appliances aspects and the reflections of this case practices in that view.
I'd be interested to know if there is any documentation as to why a host user would worry about using a symlink in a shared folder.
I mean, overall it seems quite the normal usage from the expert technology user perspective, to me as well. I'm just trying to think from real-world scenarios: users are not perfect and never have been, so I'd wonder whether we would give them this responsibility, or whether we informed them about this use case, as they would consider the 'Shared Folder' is this folder so nothing to worry about.
Happy to learn and contribute if I can.
Replying to fth0:
Replying to hit1t:
Now, here comes the interesting part: When I moved this linked folder to the shared directory, it surprisingly allowed access to the 'Test' folder from the Guest OS.
I'll assume that you meant that you moved the symlink, not the linked folder.
The VirtualBox User Manual (Shared Folders) documents that symlinks are supported and that the guest by default cannot create symlinks itself. Therefore, I think that the behavior you've described is deliberate.
It is the responsibility of the host's admin when they create a link leading from a shared folder to resources outside of it. Users with access to the shared folder from the host itself (without using a VirtualBox VM) can follow the link, and users inside a VirtualBox VM are probably intended to use the shared folder and anything within (including the symlink) the same way.
Disclaimer: I'm not working for Oracle or the VirtualBox development, so this is just my two cents.
comment:5 by , 2 months ago
The expected behaviour in this scenario wasn't documented, which led to the ticket here. We have thus updated the VirtualBox user manual, which is included with the product and is also available here:
https://www.virtualbox.org/wiki/Downloads#manual https://www.virtualbox.org/manual/UserManual.html#sharedfolders
to state:
-- If a symbolic link is created inside a shared folder on the host and the installed Guest Additions don't support symbolic links then the guest will see the target of the symlink as a file inside the shared folder. For example, if a symlink is created to a file on a Linux host:
$ cd /SharedFolder && ln -s filename symlink-to-filename
And then the shared folder is viewed on a Windows guest there will be two identical files listed, filename and symlink-to-filename. --
Hopefully this helps provide further guidance on the use of symbolic links created on the host within a shared folder which are then referenced from within a guest which doesn't support symbolic links.
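A host-side check for the situation discussed in this ticket, added here as an example and not part of the ticket or of VirtualBox: it lists symlinks inside a shared folder whose targets resolve outside that folder, so a host admin can review them before the folder is exposed to a guest. The function name `audit_share` and the output labels are made up for this example, and it assumes a Linux host with a `readlink` that supports `-f`.

```shell
#!/bin/sh
# audit_share ROOT
# Prints one line per symlink found under ROOT that needs review:
#   ESCAPES<TAB>link<TAB>resolved-target   target lies outside ROOT
#   DANGLING<TAB>link                      target does not exist (yet)
# Symlinks whose targets stay inside ROOT are not reported.
audit_share() (
    # Canonical path of the share itself, so comparisons are like-for-like.
    root=$(cd -- "$1" && pwd -P) || exit 2
    root=${root%/}                    # "/" becomes "", handled by the pattern

    # find does not follow symlinks by default, so it never walks into a
    # linked directory; only links located in the share are examined.
    find "$root/" -type l -exec sh -c '
        root=$1; shift
        for link do
            if [ -e "$link" ]; then   # -e follows the link
                target=$(readlink -f -- "$link")
                # The trailing "/" stops /share-other matching /share.
                case "$target/" in
                    "$root"/*) ;;     # resolves inside the share
                    *) printf "ESCAPES\t%s\t%s\n" "$link" "$target" ;;
                esac
            else
                printf "DANGLING\t%s\n" "$link"
            fi
        done' sh "$root" {} +
)

# Stand-alone use: sh audit_share.sh /home/hit1t/Desktop/OnlySharedFolder
if [ -n "${1:-}" ]; then
    audit_share "$1"
fi
```

Dangling links are reported as well because they start resolving as soon as something is created at the target path.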