On Friday 05 September 2014 06:35 PM, Evgeny Kapun wrote:
> Virtualbox lets any local user create and configure network interfaces
> (vboxnet*), and also send and receive traffic through them. It also lets users
> bridge their VMs to other network interfaces. Normally, such operations are
> reserved for users with CAP_NET_ADMIN capability for a good reason. Such
> actions can be used to disrupt other users' communications, capture their
> network traffic and even perform MITM attacks against them.

Thanks for this bug report. After your bug report, I went and checked
the number of setuid binaries and there are many.
We should contain these to a single user/group (like libvirt does).
That should be a good start.
--
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."