| In a virtual machine, users and processes without root or administrator privileges can connect or disconnect devices, such as network adaptors and CD-ROM drives, and can modify device settings. Use the virtual machine settings editor or configuration editor to remove unneeded or unused hardware devices. To use the device again, prevent a user or running process in the virtual machine from connecting, disconnecting, or modifying a device from within the guest operating system.
By default, a rogue user with nonadministrator privileges in a virtual machine can:
1. Connect a disconnected CD-ROM drive and access sensitive information on the media left in the drive.
2. Disconnect a network adaptor to isolate the virtual machine from its network, which is a denial of service.
3. Modify settings on a device. |