On Tue, Jun 15, 2010 at 09:04:34AM +0200, Frank Mehnert wrote:
> You are correct that these binaries are suid root but your deduction
> is wrong. These binaries need access to a kernel interface which is
> provided by the VirtualBox kernel modules. This interface can be used
> to harm the complete machine including the kernel. So the access to this
> interface must be restricted.

out of curiosity, why is it that all other kernel module-using software
(e.g. nvidia, fglrx, kvm, etc...) is able to get by without setting
its binaries suid? the fact that only virtualbox requires suid binaries
leads me to believe that this is actually a design flaw.

> It is NOT sufficient to restrict the access to this kernel interface
> to certain users (by choosing proper permissions for /dev/vboxdrv)
> but it must be restricted to certain applications as well. The usual
> practise for doing so is to make the binary suid root. The binary
> will open the restricted interface and will then drop the privileges
> immediately keeping the interface open. This guarantees that only
> dedicated applications can access this kernel interface.

that also provides a potential window for attackers to escalate
privileges through that interface. would it make sense to spend some
time evaluating the kvm (etc...) interface and adopt their approach if
it is reasonable?

best wishes,
mike
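The "open the restricted interface while suid root, then drop privileges and keep the descriptor" pattern Frank describes, written out as an added example (not VirtualBox's or Debian's code) with the checks that narrow the window mike worries about: the drop sets real, effective and saved ids so root cannot be regained, and the descriptor is opened close-on-exec so it cannot leak into child processes. The device path is a parameter; /dev/vboxdrv in main() is the thread's device, and the function and variable names are this example's own.

```c
#define _GNU_SOURCE          /* setresuid/setresgid in glibc */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Open the privileged interface while still effectively root. O_CLOEXEC
 * ensures any program exec'd later does not inherit the descriptor and
 * with it access to the kernel interface. Returns the fd, or -1. */
int open_restricted(const char *path)
{
    return open(path, O_RDWR | O_CLOEXEC);
}

/* Permanently drop to uid/gid: supplementary groups first (only root may
 * call setgroups), then gid, then uid. Setting real, effective AND saved
 * ids means a later setuid(0) cannot restore root. Returns 0, or -1. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    return 0;
}

/* Verify the drop took: effective uid is not root and regaining root
 * fails (EPERM). The already-open descriptor stays usable regardless. */
int privileges_dropped(void)
{
    if (geteuid() == 0)
        return 0;
    return setuid(0) == -1;
}

/* Leak check: is FD_CLOEXEC set on fd? Returns 1, 0, or -1 on error. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : (flags & FD_CLOEXEC) != 0;
}

int main(void)
{
    int fd = open_restricted("/dev/vboxdrv");      /* device from the thread */
    if (fd < 0) { perror("open"); return 1; }
    if (drop_privileges(getuid(), getgid()) != 0 || !privileges_dropped()) {
        fprintf(stderr, "privilege drop failed; refusing to continue\n");
        return 1;                                  /* never run half-dropped */
    }
    printf("unprivileged, fd %d still open, cloexec=%d\n", fd, fd_is_cloexec(fd));
    return 0;
}
```

Installed suid root, the binary is root only between open_restricted() and drop_privileges(); everything after the check runs as the invoking user with the descriptor as its only retained privilege.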