Isn't the guest additions ISO file included in the Installer package? On Sun, Aug 10, 2014 at 7:58 AM, George Kadianakis <[email protected]> wrote: > Hello there! > > It seems that VirtualBox downloads the guest additions ISO over > HTTP. This is not a good idea, since code is being executed from that > ISO, and if it's downloaded over HTTP any network attacker can MITM > and replace with her own ISO. > > It would be better, I think, if the download happened over SSL (using > HTTPS). Maybe in the future you could also use digital signatures to > protect the download. > > {{{ UIDownloaderAdditions::UIDownloaderAdditions(): > /* Prepare source/target: */ > const QString &strName = > QString("VBoxGuestAdditions_%1.iso").arg(vboxGlobal().vboxVersionStringNormalized()); > const QString &strSource = > QString("http://download.virtualbox.org/virtualbox/%1/";).arg(vboxGlobal().vboxVersionStringNormalized()) > + strName; > const QString &strTarget = > QDir(vboxGlobal().virtualBox().GetHomeFolder()).absoluteFilePath(strName); > }}} > > Thank you! > > _______________________________________________ > vbox-dev mailing list > [email protected] > https://www.virtualbox.org/mailman/listinfo/vbox-dev
_______________________________________________ vbox-dev mailing list [email protected] https://www.virtualbox.org/mailman/listinfo/vbox-dev
