As i remember last scandals, The Intel PRO/1000 MT Desktop (82540EM)] has a vulnerability allowing an attacker with root/administrator privileges in a guest to escape to a host ring3. Then the attacker can use existing techniques to escalate privileges to ring 0 via /dev/vboxdrv," Zelenyuk writes in a technical write-up on Tuesday.
Why Intel 1000 PRO right now is everywhere on Whonix machines? Better come back on PCnet-FAST III ?
Whonix build scripts use defaults here. Not using anything specially chosen.
We have one virtual network card which had a security vulnerability which were (at least partially) audited, found a vulnerability, which was fixed and another (or others) virtual network cards without such history.
We don’t have people who could audit these different virtual network card source codes and then draw conclusions. We don’t have the resources to pay someone to do that either. We’re a distribution, not working on that level. For background on that, see:
Bug Reports, Software Development and Feature Requests
From theoretic arguments and logic alone no reasonable changes can be concluded. These could go either way.
They are both equally shitty with PCnet also having vulns. The reason is emulated hardware has a larger attack surface and is slower performing.
Using virtio (which I thik VBox supports) is the better choice. ON the otherhand I don;t think we have the same flexibility to configure the VBox VMs like we can with KVM.
VirtualBox can do a lot nowadays. It supports backend KVM and virtio-net.
https://www.virtualbox.org/manual/ch06.html
- Paravirtualized network adapter (virtio-net)
https://www.virtualbox.org/manual/ch08.html
- –nictype<1-N> Am79C970A|Am79C973|82540EM|82543GC|82545EM|virtio : Enables you to specify the networking hardware that Oracle VM VirtualBox presents to the guest for a specified VM virtual network card. See Section 6.1, “Virtual Networking Hardware”.
–paravirtprovider none|default|legacy|minimal|hyperv|kvm]
Related: