Opened 13 years ago
Closed 13 years ago
#9478 closed enhancement (wontfix)
VBox guest additions should have precompiled modules for Linux
| Reported by: | Rainmaker | Owned by: | |
|---|---|---|---|
| Component: | guest additions | Version: | VirtualBox 4.1.2 |
| Keywords: | Cc: | ||
| Guest type: | Linux | Host type: | other |
Description
Installing the guest utils on Linux currently requires a lot of dependencies, such as kernel-devel, kernel-headers, gcc and perl.
Though there are some distributions including this software as standard, when building servers, you typically refrain from installing things like GCC and Perl on the server. This makes it easier for an attacker to exploit.
Therefor, I would suggest adding a couple of precompiled binary modules on the guest additions CD. This doesn't have to be for all 2.4 / 2.6 kernels, but just the ones most commonly used (such as 2.6.9 for RHEL4, 2.6.18 for RHEL5 and 2.6.32 for RHEL6 would be a good start).
The installer should also try to load the module and see if it will load on the running kernel, instead of immediately trying to build a new one once the version mismatches.
Change History (5)
comment:1 by , 13 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
comment:2 by , 13 years ago
Just wanted to add that you might be better trying to get distributions to keep up-to-date modules around for different Guest Additions versions (tracking major releases should be enough as a kernel module for e.g. version 4.1.2 of the Additions should work with user space tools from 4.1.0 if anything gets mixed up).
comment:3 by , 13 years ago
| Resolution: | wontfix |
|---|---|
| Status: | closed → reopened |
Well, I don't want to flame / troll here, but VMWare guest tools are able to do this.
Their installer tries to load a module, and sees if it will load in the running kernel. If it does, all is fine. If it doesn't, the installer compiles one from source.
I'm not sure how they do this, with vermagic and things, but it seems to be technically possible. Maybe they are using modprobe --force (which strips vermagic).
I know it's easier to let the distribution keep up to date modules, but a lot of linux distros are short of package maintainers as it is.
comment:4 by , 13 years ago
Nevertheless we will not do this. modprobe --force is not an option. We already have enough problems to solve and are not keen in debugging problems which result from forcing incompatible modules being load into the kernel. And you cannot really expect us to provide kernel modules for Linux distributions which are short of package maintainers, sorry.
comment:5 by , 13 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | reopened → closed |
That's just not possible, even not for the few major Linux distributions. As soon as a kernel version changes, a recompiled kernel module is required.