You are correct that these binaries are suid root but your deduction is wrong. These binaries need access to a kernel interface which is provided by the VirtualBox kernel modules. This interface can be used to harm complete machine including the kernel. So the access to this interface must be restricted.
It is NOT sufficient to restrict the access to this kernel interface to certain users (by choosing proper permissions for /dev/vboxdrv) but it must be restricted to certain applications as well. The usual practise for doing so is to make the binary suid root. The binary will open the restricted interface and will then drop the privileges immediately keeping the interface open. This guarantees that only dedicated applications can access this kernel interface. Kind regards, Frank -- Dr.-Ing. Frank Mehnert Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten Amtsgericht München: HRB 161028 Geschäftsführer: Jürgen Kunz
signature.asc
Description: This is a digitally signed message part.
