Welcome to Soft32 Linux Forums!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Bug#553918: virtualbox-ose-source: Please, make dkms a rec..

  
   Soft32 Home -> Linux -> Bugs Dist RSS
Next:  Micoshaft falling apart  
Author Message
Wolfgang Walter

External


Since: Nov 06, 2009
Posts: 2



(Msg. 1) Posted: Fri Nov 06, 2009 3:20 pm
Post subject: Bug#553918: virtualbox-ose-source: Please, make dkms a recommendation.
Archived from groups: linux>debian>bugs>dist (more info?)
Package: virtualbox-ose-source
Version: 3.0.10-dfsg-1
Severity: normal

virtualbox-ose-source now (without warning) uses dkms and calls it
automatically.

This has several problems:

1) It builds (or at least tries to) the modules even if you do not want them
for the kernel running on the machine. This is very common if you compile
kernels and modules for several machines on a special machine.

2) It therefor runs as root. And it even does if /lib/modules/<installed
kernel>/source points to a non privileged build directory which is a security
problem.

3) If you built a different kernel in /lib/modules/<installed kernel>/source/
you may get a problem.

virtualbox-ose-source should not depend on dkms. If dkms is not installed
virtualbox-ose-source should not call it.

If dkms ist installed virtualbox-ose-source should ask if the user wishes to
build the modules automatically at installation time or if he preferes to do
so manually. (Maybe this should be a option for dkms itself).

For compatibility virtualbox-ose-source could install a traditional *.tar.bz2
in /usr/src, btw.


Regards,
--
Wolfgang Walter



--
To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST.TakeThisOut@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.TakeThisOut@lists.debian.org
Back to top
Login to vote
Michael Meskes

External


Since: Nov 21, 2006
Posts: 143



(Msg. 2) Posted: Thu Nov 12, 2009 5:20 am
Post subject: Bug#553918: [Pkg-virtualbox-devel] Bug#553918: virtualbox-ose-source: Please, make dkms a recommendation. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Fri, Nov 06, 2009 at 08:06:33PM +0100, Wolfgang Walter wrote:
> 2) It therefor runs as root. And it even does if /lib/modules/<installed
> kernel>/source points to a non privileged build directory which is a security
> problem.

I don't really see where the security problem is here. Would you mind explaining it?

Michael
--
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
ICQ: 179140304, AIM/Yahoo/Skype: michaelmeskes, Jabber: meskes.DeleteThis@jabber.org
VfL Borussia! Forca Barca! Go SF 49ers! Use: Debian GNU/Linux, PostgreSQL



--
To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST.DeleteThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.DeleteThis@lists.debian.org
Back to top
Login to vote
Wolfgang Walter

External


Since: Nov 06, 2009
Posts: 2



(Msg. 3) Posted: Thu Nov 12, 2009 7:20 am
Post subject: Bug#553918: [Pkg-virtualbox-devel] Bug#553918: virtualbox-ose-source: Please, make dkms a recommendation. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Am Donnerstag, 12. November 2009 schrieb Michael Meskes:
> On Fri, Nov 06, 2009 at 08:06:33PM +0100, Wolfgang Walter wrote:
> > 2) It therefor runs as root. And it even does if /lib/modules/<installed
> > kernel>/source points to a non privileged build directory which is a
> > security problem.
>
> I don't really see where the security problem is here. Would you mind
> explaining it?
>

Say you built your kernel as user foo on one machine.

Say
/lib/modules/2.6.31.6/source
or
/lib/modules/2.6.31.6/build
therefor may points to
/home/foo/kernels/linux-2.6.31.6


Now you install that kernel on a different machine "exposed" where user foo
exists, too.

You now have to trust machine "exposed". You must trust foo@exposed that it
does not provide a manipulated /home/foo/kernels/linux-2.6.31.6 which will
either produce a trojaned kernel module or simply uses errors in dkms, gcc,
binutils, ... to gain root access.

I think virtualbox should do it like other similar packages which build kernel
modules:

virtualbox-ose-source for building binary-modules as self-sufficent
deb-packages

virtualbox-ose-dkms for the dkms approach

Sehe batman-adv-source|dkms or openafs-modules-source|dkms

Regards,
--
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
Leiter EDV
Leopoldstraße 15
80802 München
Tel: +49 89 38196 276
Fax: +49 89 38196 150
Email: wolfgang.walter DeleteThis @stwm.de
http://www.studentenwerk-muenchen.de/



--
To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST DeleteThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster DeleteThis @lists.debian.org
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Bug#435582: RFP: jaaa -- jaaa is an audio signal generator.. - Package: wnpp Severity: wishlist * Package name : jaaa Version : 0.4.2 Upstream Author : Fons..

Bug#435553: Add search on package names - Package: reportbug-ng Version: 0.2007.07.19 Severity: wishlist --- Please enter the report below this line. --- I..

Bug#431170: The way to keep entity is documented in debian.. - Hi, It was a bit ambiguous but debiandoc-sgml-doc has appendix which goes in details how to keep entity. Osamu -- ...

Bug#435552: Doesn't detect debcontrol files in non-debian/.. - Package: vim-runtime Version: 1:7.1-022+1 Severity: minor Tags: patch Hi, "vi control" on a debcon...

Bug#435554: pidgin: Info text in About dialog scrolls down - Package: pidgin Version: 2.1.0-1 Severity: minor -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 When opening the About...

Bug#417674: new versions available - Dear Baishampayan, Please do consider packaging the latest version. Thanks. Kumar -- Kumar Appaiah, 458, Jamuna..
       Soft32 Home -> Linux -> Bugs Dist All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Categories:
 Windows
  Linux
 Mac
 PDA

[ Contact us | Terms of Service/Privacy Policy ]