[MacPorts] #30992: virtualbox: enable hardening
MacPorts
noreply at macports.org
Sun Sep 11 08:37:02 PDT 2011
#30992: virtualbox: enable hardening
--------------------------------------+-------------------------------------
Reporter: ryandesign@… | Owner: rmstonecipher@…
Type: enhancement | Status: closed
Priority: Normal | Milestone:
Component: ports | Version: 2.0.1
Resolution: fixed | Keywords:
Port: virtualbox |
--------------------------------------+-------------------------------------
Comment(by ecronin@…):
Replying to [comment:33 carsomyr@…]:
> Ah, I see, we are talking past each other. I was questioning the
necessity of permissions checking inside the VirtualBox hierarchy and not
its parent directories. Still, I wonder why making higher level
directories writeable could possibly allow other users to affect anything
within /Applications/MacPorts/VirtualBox. Still going to put in the
change, though.
Not sure the exact risk of the top of my head, but given the capabilities
of VBox (bunch of setuid root bins talking to kernel extensions with APIs
for raw disk and network access etc) they're obviously very paranoid about
the environment it executes in to prevent being used for priv
escalation...
And actually I'd been misreading item 6 in comment 1 this entire time, it
just talks about things from .../MacPorts and deeper. But I remembered
from when I played with the VirtualBox OSE builds back in the Sun days
that it was the entire path that mattered and was just assuming that's
what it actually said.
Patch looks good to me
--
Ticket URL: <https://trac.macports.org/ticket/30992#comment:35>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
More information about the macports-tickets
mailing list