On Fri, Feb 20, 2015 at 7:39 AM, Mirimir <mirimir@riseup.net> wrote:
On 02/20/2015 03:50 AM, grarpamp wrote:
On Thu, Feb 19, 2015 at 7:35 PM, Mirimir <mirimir@riseup.net> wrote:
VirtualBox in Linux doesn't require root rights. I just checked htop on the host, and all VM processes are running as user. And visudo shows nothing about VirtualBox.
It may be setuid and switching users, or kernel module or helper program or something, otherwise vbox docs about pointing at /dev/sdx are bogus because the raw devices aren't available to non root users. I didn't read vbox docs closely.
OK, I'll dig. It might be that mounting physical disks on the host requires root rights. But that's obviously insecure. What concerns me is guest access to the host's disk firmware when using VDIs.
How would I test that? I suppose that I could set up a VM to boot from an HDD, and then see if I can flash the HDD's firmware. But I'm not the NSA, and so only success would be probative. But hey, I'll take a shot.
http://www.t13.org/documents/UploadedDocuments/docs2008/d1699r6a-ata8-acs.pd...
With whatever Windows tools you find. Probably sdparm, hdparm on Linux. camcontrol's cmd capabilities and cam(4) debug options on FreeBSD. I wouldn't try to flash or fuzz a drive you can't afford to brick.
Not a problem. I have a bunch of retired disks.
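
The host-side checks raised in this thread (setuid helpers, a kernel driver node, and whether the invoking user can open /dev/sdX), as an added example that is not part of any poster's message. The install directory /usr/lib/virtualbox and the function names are assumptions; override VBOX_DIR for your distribution.

```shell
#!/bin/sh
# Added example: audit where a hypervisor that "runs as user" could still
# obtain elevated rights on a Linux host.
# Assumption: VirtualBox is installed under VBOX_DIR.
VBOX_DIR=${VBOX_DIR:-/usr/lib/virtualbox}

# Print the path of every setuid regular file under directory $1.
list_setuid() {
    if [ -d "$1" ]; then
        find "$1" -type f -perm -4000 2>/dev/null || true
    fi
}

# Print what the current user may do with node $1: rw, r, w, none or missing.
# Note: root passes both checks regardless of the mode bits.
node_access() {
    if [ ! -e "$1" ]; then echo missing; return 0; fi
    acc=""
    if [ -r "$1" ]; then acc="r"; fi
    if [ -w "$1" ]; then acc="${acc}w"; fi
    echo "${acc:-none}"
}

report() {
    echo "== setuid files under $VBOX_DIR (owner's rights apply, whoever starts them)"
    list_setuid "$VBOX_DIR" | while IFS= read -r f; do ls -ln "$f"; done
    echo "== hypervisor kernel driver node"
    echo "/dev/vboxdrv: $(node_access /dev/vboxdrv)"
    echo "== whole-disk nodes for uid $(id -u) (groups: $(id -Gn 2>/dev/null))"
    for d in /dev/sd?; do
        if [ -e "$d" ]; then echo "$d: $(node_access "$d")"; fi
    done
}

report
```

A process list showing VM processes under the user's account does not rule out a setuid launcher that drops privileges after start, and membership in a group such as `disk` shows up here as `rw` on the raw device nodes.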