Ubuntu Guest on Ubuntu Host Security?

Discussions related to using VirtualBox on Linux hosts.
kmand
Posts: 28
Joined: 16. Nov 2009, 17:20
Primary OS: Ubuntu other
VBox Version: OSE Debian
Guest OSses: winxp

Ubuntu Guest on Ubuntu Host Security?

Post by kmand »

We have a user on a department-administered Ubuntu machine who wants admin access that we won't be
able to grant. We can let it host an Ubuntu VirtualBox guest and let him have admin privs in the guest.

The question is what do we need to do to be sure that this provides nothing beyond normal user privs
outside the guest "sandbox".
socratis
Site Moderator
Posts: 27329
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Ubuntu Guest on Ubuntu Host Security?

Post by socratis »

Nothing. You need to do absolutely nothing. The VirtualBox app runs in the user context, so whatever your user can do (reading/writing/networking) in the host, they can do in their application.

For a related, recently revived discussion, take a look at: Cryptolocker, Ransomware and VMs. There are other threads that you can search for...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.

Re: Ubuntu Guest on Ubuntu Host Security?

Post by kmand »

What about configuration issues like bridged vs NAT? Can we exclude bridged?

Re: Ubuntu Guest on Ubuntu Host Security?

Post by socratis »

VirtualBox installs a "filter driver" for each network card in order to enable Bridged networking. You'd have to wait for a Linux expert to tell you how to disable that filter from either being installed or being active, since you cannot prevent the configuration from within VirtualBox.
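Added example, not part of the thread and not VirtualBox's own code: since the reply above says bridged mode cannot be blocked from within VirtualBox, an administrator can at least audit which attachment mode each guest NIC uses by parsing the output of `VBoxManage showvminfo <vm> --machinereadable`. The allowed-mode policy, the function names and the sample VM data are assumptions constructed for illustration.

```python
import re
import subprocess

# Assumed site policy (not from the thread): only unattached or NAT adapters.
ALLOWED_MODES = {"none", "nat"}

# Constructed sample in the key="value" layout printed by
# `VBoxManage showvminfo <vm> --machinereadable`.
SAMPLE_VMINFO = '''name="dev-guest"
nic1="nat"
nictype1="82540EM"
nic2="bridged"
bridgeadapter2="enp3s0"
nic3="none"
'''

def nic_findings(vminfo_text, allowed=ALLOWED_MODES):
    """Return sorted (slot, mode, host_adapter) for NICs outside the policy."""
    fields = {}
    for line in vminfo_text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip().strip('"')] = value.strip().strip('"')
    findings = []
    for key, mode in fields.items():
        m = re.fullmatch(r"nic(\d+)", key)  # nicN only, not nictypeN etc.
        if m and mode not in allowed:
            slot = int(m.group(1))
            findings.append((slot, mode, fields.get(f"bridgeadapter{slot}", "")))
    return sorted(findings)

def audit_user_vms():
    """Check every VM registered for the invoking account.

    VirtualBox keeps VM registrations per user, so run this as the account
    that owns the guests. It reports the setting; it does not lock it.
    """
    def vbox(*args):
        return subprocess.run(["VBoxManage", *args], capture_output=True,
                              text=True, check=True).stdout
    report = {}
    vm_list = vbox("list", "vms")  # lines look like: "name" {uuid}
    for name, uuid in re.findall(r'^"(.*)" \{([0-9a-fA-F-]+)\}$', vm_list, re.M):
        report[name] = nic_findings(vbox("showvminfo", uuid, "--machinereadable"))
    return report

if __name__ == "__main__":
    print(nic_findings(SAMPLE_VMINFO))
```

Because the VM runs in the user's own context, the user can change the adapter back at any time, so this is a periodic detection check rather than an enforcement mechanism.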