- Linux/Solaris/Darwin hosts: verify permissions in /tmp/vbox-$USER-ipc
These changes match that description:
VirtualBox uses /tmp/vbox-$USER-ipc to store a socket and a lock
file. The lock file is truncated after a simple open call. AFAICS
creating /tmp/vbox-$USER-ipc before the victim starts VirtualBox
could therefore be exploited to create files as the victim or
truncate files of the victim.
*** This bug has been marked as a duplicate of bug 245958 ***