- Timestamp:
- Sep 6, 2011 4:39:38 PM (13 years ago)
- Location:
- trunk/doc/manual/en_US
- Files:
-
- 2 edited
-
user_GuestAdditions.xml (modified) (1 diff)
-
user_Security.xml (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/doc/manual/en_US/user_GuestAdditions.xml
r38662 r38666 1185 1185 linkend="generalsettings" />).<note> 1186 1186 <para> 1187 Enabling 3D acceleration may expose security holes to malicious 1188 software running in the guest. The 3D host graphics drivers 1189 are often known to contain bugs and might crash with certain 1190 operations. VirtualBox is not hardened enough to prevent every 1191 risky 3D operation on the host. But a VirtualBox guest can not induce 1192 any more harm to the host than any other malicious host application 1193 using the 3D graphics API. 1187 Untrusted guest systems should not be allowed to use 1188 VirtualBox's 3D acceleration features, just as untrusted host 1189 software should not be allowed to use 3D acceleration. Drivers 1190 for 3D hardware are generally too complex to be made properly 1191 secure and any software which is allowed to access them may be 1192 able able to compromise the operating system running them. In 1193 addition, enabling 3D acceleration gives the guest direct access 1194 to a large body of additional program code in the VirtualBox 1195 host process which it might conceivably be able to use to crash 1196 the virtual machine. 1194 1197 </para> 1195 1198 </note></para> -
trunk/doc/manual/en_US/user_Security.xml
r38665 r38666 100 100 </para> 101 101 <para> 102 On Windows hosts, the installer allows to disableUSB support, support102 On Windows hosts, the installer allows for disabling USB support, support 103 103 for bridged networking, support for host-only networking and the Python 104 104 language bindings, see <xref linkend="installation_windows"/>. … … 106 106 of them could be appropriate if the corresponding functionality is not 107 107 required by any virtual machine. The Python language bindings are only 108 required if the VirtualBox API shouldbe used by external Python108 required if the VirtualBox API is to be used by external Python 109 109 applications. In particular USB support and support 110 for the two networking modes induce the installation of Windows kernel111 drivers atthe host. Therefore disabling those selected features can112 not only be used to restrict the user to acertain functionality but113 also to minimize the surface sprovided to a potential attacker. </para>114 <para> 115 The regularcase is to install the complete VirtualBox package. The110 for the two networking modes require the installation of Windows kernel 111 drivers on the host. Therefore disabling those selected features can 112 not only be used to restrict the user to certain functionality but 113 also to minimize the surface provided to a potential attacker. </para> 114 <para> 115 The general case is to install the complete VirtualBox package. The 116 116 installation must be done with system privileges. All VirtualBox binaries 117 117 should be executed as a regular user and never as a privileged user. … … 122 122 <xref linkend="intro-installing"/>. As for the base package, the SHA256 123 123 checksum of the extension pack should be verified. As the installation 124 requires system privileges, the VirtualBox GUIwill ask for the system124 requires system privileges, VirtualBox will ask for the system 125 125 password during the installation of the extension pack. 126 126 </para> … … 317 317 which the data is transferred could therefore intercept that 318 318 data. An SSH tunnel could be used to secure the connection between 319 the two host . But when considering to teleporta VM over an untrusted319 the two hosts. But when considering teleporting a VM over an untrusted 320 320 network the first question to answer is how both VMs can securely 321 321 access the same virtual disk image(s) with a reasonable performance. </para>
Note:
See TracChangeset
for help on using the changeset viewer.
