Ubuntu
virtualbox package

Bug #1935856
Comment #5

Comment 5 for bug 1935856

Revision history for this message

MarkJBobak (mark-bobak) wrote on 2021-07-30: Re: [Bug 1935856] Re: Virtualbox encounters 'Effective UID is not root' when starting a VM

Nice. I'm currently away from my computer, but I'll have a look ASAP.

Thanks!

-Mark

On Fri, Jul 30, 2021, 06:41 Oliver Maurhart <email address hidden>
wrote:

> Add-on: I checked the sources provided at
> https://download.virtualbox.org/virtualbox/6.1.22/ and I think the
> responsible code snippet is in
> VirtualBox-6.1.22/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
>
> ```
> $ cat -n
> VirtualBox-6.1.22/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp | grep
> -A 10 2550
> 2550 /*
> 2551 * Check that we're root, if we aren't then the installation
> is butchered.
> 2552 */
> 2553 g_uid = getuid();
> 2554 g_gid = getgid();
> 2555 if (geteuid() != 0 /* root */)
> 2556 supR3HardenedFatalMsg("SUPR3HardenedMain",
> kSupInitOp_RootCheck, VERR_PERMISSION_DENIED,
> 2557 "Effective UID is not root (euid=%d
> egid=%d uid=%d gid=%d)",
> 2558 geteuid(), getegid(), g_uid, g_gid);
> 2559 #endif /* SUP_HARDENED_SUID */
> 2560
> ```
>
> When making a small demo:
> ```
> $ cat a.c
> #include <stdio.h>
> #include <fcntl.h>
>
> #include <unistd.h>
> #include <sys/types.h>
>
> int main(int argc, char** argv) {
>
> printf("Real user id: %d\n", getuid());
> printf("Effective user id: %d\n", geteuid());
>
> int res = openat(AT_FDCWD, "/dev/vboxnetctl", O_RDWR);
>
> if (res == -1) {
> perror(NULL);
> return 1;
> }
> printf("Opened file.\n");
> return 0;
> }
> ```
> with
>
> ```
> $ gcc a.c
> $ sudo chown root: a.out
> $ ls -l a.out
> -rwxrwxr-x 1 root root 16312 Jul 30 12:05 a.out
>
> $ ./a.out
> Real user id: 1000
> Effective user id: 1000
> Operation not permitted
>
> $ sudo ./a.out
> Real user id: 0
> Effective user id: 0
> Opened file.
>
> $ sudo chmod u+s a.out
> $ ./a.out
> Real user id: 1000
> Effective user id: 0
> Opened file.
> ```
>
> However, regardless if I provide each and every executable in
> /usr/lib/virtualbox/* the sticky bit with `chmod u+s` this error keeps
> popping up.
>
> X11 showing the error dialog refers to /usr/lib/virtualbox/VBoxManage.
> But it seems very resilient to any of my attempts.
>
> BUT: running VBoxManage as root (e.g. `sudo VirtualBox`) works like
> charm.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1935856
>
> Title:
> Virtualbox encounters 'Effective UID is not root' when starting a VM
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1935856/+subscriptions
>
>

Nice.  I'm currently away from my computer, but I'll have a look ASAP.

Thanks!

-Mark

On Fri, Jul 30, 2021, 06:41 Oliver Maurhart <1935856@bugs.launchpad.net>
wrote:

> Add-on: I checked the sources provided at
> https://download.virtualbox.org/virtualbox/6.1.22/ and I think the
> responsible code snippet is in
> VirtualBox-6.1.22/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
>
> ```
> $ cat -n
> VirtualBox-6.1.22/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp | grep
> -A 10 2550
>   2550      /*
>   2551       * Check that we're root, if we aren't then the installation
> is butchered.
>   2552       */
>   2553      g_uid = getuid();
>   2554      g_gid = getgid();
>   2555      if (geteuid() != 0 /* root */)
>   2556          supR3HardenedFatalMsg("SUPR3HardenedMain",
> kSupInitOp_RootCheck, VERR_PERMISSION_DENIED,
>   2557                                "Effective UID is not root (euid=%d
> egid=%d uid=%d gid=%d)",
>   2558                                geteuid(), getegid(), g_uid, g_gid);
>   2559  #endif /* SUP_HARDENED_SUID */
>   2560
> ```
>
> When making a small demo:
> ```
> $ cat a.c
> #include <stdio.h>
> #include <fcntl.h>
>
> #include <unistd.h>
> #include <sys/types.h>
>
> int main(int argc, char** argv)  {
>
>     printf("Real user id: %d\n", getuid());
>     printf("Effective user id: %d\n", geteuid());
>
>     int res = openat(AT_FDCWD, "/dev/vboxnetctl", O_RDWR);
>
>     if (res == -1) {
>         perror(NULL);
>         return 1;
>     }
>     printf("Opened file.\n");
>     return 0;
> }
> ```
> with
>
> ```
> $ gcc a.c
> $ sudo chown root: a.out
> $ ls -l a.out
> -rwxrwxr-x 1 root root 16312 Jul 30 12:05 a.out
>
> $ ./a.out
> Real user id: 1000
> Effective user id: 1000
> Operation not permitted
>
> $ sudo ./a.out
> Real user id: 0
> Effective user id: 0
> Opened file.
>
> $ sudo chmod u+s a.out
> $ ./a.out
> Real user id: 1000
> Effective user id: 0
> Opened file.
> ```
>
> However, regardless if I provide each and every executable in
> /usr/lib/virtualbox/* the sticky bit with `chmod u+s` this error keeps
> popping up.
>
> X11 showing the error dialog refers to /usr/lib/virtualbox/VBoxManage.
> But it seems very resilient to any of my attempts.
>
> BUT: running VBoxManage as root (e.g. `sudo VirtualBox`) works like
> charm.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1935856
>
> Title:
>   Virtualbox encounters 'Effective UID is not root' when starting a VM
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1935856/+subscriptions
>
>

Ubuntuvirtualbox package

Comment 5 for bug 1935856

Ubuntu
virtualbox package