Ask Your Question
0

Does installing virtualbox in Fedora cause the security level of the kernel to decrease?

asked 2014-07-08 11:30:16 -0600

Ervin gravatar image

updated 2014-07-09 09:04:14 -0600

mether gravatar image

In order to install Oracle Virtualbox in Fedora one needs to install certain additional packages first, dkms being one them. I once uninstalled those packages after installing VirtualBox and ended up without a graphical package. Does installing those packages needed to make Virtualbox work cause the kernel to become vulnerable?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2014-07-09 04:02:34 -0600

NickTux gravatar image

Those packages must be installed, because of the modules that are need to be build, in order VirtualBox works as it should. dkms will help and ensure that with a kernel update the modules will re-build and VirtualBox will continue to work.

Before version 4.0, there were two editions of VirtualBox: a full binary containing all features and an "Open Source Edition" (OSE) with source code. With version 4.0, there is only one version any more, which is open source, and the closed-source components have been moved to a separate extension pack.

Source.

At my opinion, any open source program can be considered as safe. You can examine the code, others can examine the code, it's free (as in Freedom) available and specifically VirtualBox is under the GPLv2 license.

Now, if you install the extension pack, that contains some closed source components, someone can say "This is a vulnerability, we don't know the code, we cannot examine the code"...etc, and whatever goes with a closed source code.

edit flag offensive delete link more
0

answered 2014-07-09 05:15:36 -0600

hedayat gravatar image

Installing VirtualBox dependencies such as dkms are safe, they are proper Fedora packages.

However, if you are asking about VirtualBox itself, NikTh has provided the answer. But I can add that since VirtualBox adds kernel modules which are not verified by kernel developers (and, IIRC, they actually didn't like it), it can have lower quality and have reliability and/or security implications.

If you are really concerned, you can either have some security experts examine the code, or use KVM which is supported by the stock kernel and it provides comparable features to VirtualBox ones (even some closed source parts of it like USB support).

edit flag offensive delete link more

Question Tools

2 followers

Stats

Asked: 2014-07-08 11:30:16 -0600

Seen: 232 times

Last updated: Jul 09 '14