Paul et all, On Saturday 01 November 2008, Paul Wise wrote: > By creating a symlink /tmp/.vbox-$USER-ipc/lock an attacker can > overwrite any file owned by any user who starts virtualbox. Starting and > then exiting virtualbox is enough to trigger this, you don't need to > start any virtual machines.
Thanks for this report. > In addition to this, it is a really stupid idea to put dotfiles in /tmp > and this should be fixed too. I'm not sure if this is stupid or not. At least the .vbox-* directories are not the only .dotfile directories in /tmp. > In addition to this, virtualbox does not clean up /tmp/.vbox-$USER-ipc/ > when exiting, which is just rude. We will fix that later. I hope our fix is sufficient. The changesets r13788, r13807, r13809, r13810 should check the permissions. These changesets should apply to 1.6.6 and 2.0 as well. Kind regards, Frank -- Dr.-Ing. Frank Mehnert Sun Microsystems http://www.sun.com/
signature.asc
Description: This is a digitally signed message part.
