VirtualBox

Ticket #9478 (closed enhancement: wontfix)

Opened 3 years ago

Last modified 3 years ago

VBox guest additions should have precompiled modules for Linux

Reported by: Rainmaker Owned by:
Priority: major Component: guest additions
Version: VirtualBox 4.1.2 Keywords:
Cc: Guest type: Linux
Host type: other

Description

Installing the guest utils on Linux currently requires a lot of dependencies, such as kernel-devel, kernel-headers, gcc and perl.

Though there are some distributions including this software as standard, when building servers, you typically refrain from installing things like GCC and Perl on the server. This makes it easier for an attacker to exploit.

Therefor, I would suggest adding a couple of precompiled binary modules on the guest additions CD. This doesn't have to be for all 2.4 / 2.6 kernels, but just the ones most commonly used (such as 2.6.9 for RHEL4, 2.6.18 for RHEL5 and 2.6.32 for RHEL6 would be a good start).

The installer should also try to load the module and see if it will load on the running kernel, instead of immediately trying to build a new one once the version mismatches.

Change History

comment:1 Changed 3 years ago by frank

  • Status changed from new to closed
  • Resolution set to wontfix

That's just not possible, even not for the few major Linux distributions. As soon as a kernel version changes, a recompiled kernel module is required.

comment:2 Changed 3 years ago by michael

Just wanted to add that you might be better trying to get distributions to keep up-to-date modules around for different Guest Additions versions (tracking major releases should be enough as a kernel module for e.g. version 4.1.2 of the Additions should work with user space tools from 4.1.0 if anything gets mixed up).

comment:3 Changed 3 years ago by Rainmaker

  • Status changed from closed to reopened
  • Resolution wontfix deleted

Well, I don't want to flame / troll here, but VMWare guest tools are able to do this.

Their installer tries to load a module, and sees if it will load in the running kernel. If it does, all is fine. If it doesn't, the installer compiles one from source.

I'm not sure how they do this, with vermagic and things, but it seems to be technically possible. Maybe they are using modprobe --force (which strips vermagic).

I know it's easier to let the distribution keep up to date modules, but a lot of linux distros are short of package maintainers as it is.

comment:4 Changed 3 years ago by frank

Nevertheless we will not do this. modprobe --force is not an option. We already have enough problems to solve and are not keen in debugging problems which result from forcing incompatible modules being load into the kernel. And you cannot really expect us to provide kernel modules for Linux distributions which are short of package maintainers, sorry.

comment:5 Changed 3 years ago by frank

  • Status changed from reopened to closed
  • Resolution set to wontfix
Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use