diff --git a/vbox-usb-warning.diff b/vbox-usb-warning.diff
index 56b9946..571987b 100644
--- a/vbox-usb-warning.diff
+++ b/vbox-usb-warning.diff
@@ -62,7 +62,7 @@ Index: a/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp
 + QApplication app(argc, argv);
 + QMessageBox msgBox;
 + msgBox.setWindowTitle(QObject::tr("USB Rules and Permissions !"));
-+ msgBox.setText(QObject::tr("USB passthru opens a security hole. Please read \n\nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n\nto understand the problem. If you really want/need to use USB passthru, then copy /usr/lib/udev/rules.d/60-vboxdrv.rules to /etc/udev/rules.d/, and modify that file as outlined in the comments.\n\nTo avoid seeing this message every time VirtualBox is started, a dummy file is being created."));
++ msgBox.setText(QObject::tr("USB passthru opens a security hole. Please read \n\nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n\nto understand the problem. If you really want/need to use USB passthru and are willing to accept the security risk, then do nothing. To plug the security hole, remove all 'usb' lines from /etc/udev/rules.d/60-vboxdrv.rules.\n\nThis message will not be seen again!"));
 + int ret = msgBox.exec();
 + app.quit();
 + return 0;
diff --git a/virtualbox-60-vboxdrv.rules b/virtualbox-60-vboxdrv.rules
new file mode 100644
index 0000000..6a4093a
--- /dev/null
+++ b/virtualbox-60-vboxdrv.rules
@@ -0,0 +1,7 @@
+KERNEL=="vboxdrv", NAME="vboxdrv", OWNER="root", GROUP="root", MODE="0600"
+KERNEL=="vboxdrvu", NAME="vboxdrvu", OWNER="root", GROUP="root", MODE="0666"
+KERNEL=="vboxnetctl", NAME="vboxnetctl", OWNER="root", GROUP="root", MODE="0600"
+SUBSYSTEM=="usb_device", ACTION=="add", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
+SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
+SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
+SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
diff --git a/virtualbox-wrapper.sh b/virtualbox-wrapper.sh
index 812fd57..7c48013 100644
--- a/virtualbox-wrapper.sh
+++ b/virtualbox-wrapper.sh
@@ -1,4 +1,9 @@
 #!/bin/bash
 export QT_NO_KDE_INTEGRATION=1
 /usr/bin/id -nG | grep -v -e "root" -e "vboxusers" >/dev/null && /usr/lib/virtualbox/VBoxPermissionMessage && exit
+if [ ! -f ~/.vbox/message_out ] ; then
+ /usr/lib/virtualbox/VBoxUSB_DevRules
+ mkdir -p ~/.vbox/
+ touch ~/.vbox/message_out
+fi
 LD_LIBRARY_PATH="/usr/lib/virtualbox${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" /usr/lib/virtualbox/VirtualBox $@
diff --git a/virtualbox.changes b/virtualbox.changes
index 4c824d3..5a6fa55 100644
--- a/virtualbox.changes
+++ b/virtualbox.changes
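Review bot: The new virtualbox-60-vboxdrv.rules has no comment marking the four `SUBSYSTEM=="usb…"` rules as the ones that enable USB passthrough, although the dialog text changed in vbox-usb-warning.diff now tells users to "remove all 'usb' lines" from this file, and the previous wording referred to comments in the rules file. A header comment would let an administrator find and disable them without guessing, for example `# The SUBSYSTEM=="usb*" rules below enable USB passthrough, see https://bugzilla.novell.com/show_bug.cgi?id=664520; delete or comment them out to disable it.` Separately, the `NAME=` assignments on the three `KERNEL==` rules look redundant: current udev honours `NAME` only for network interfaces and logs a warning when it is set on a device node, so they can probably be dropped.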
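Review bot: The marker `~/.vbox/message_out` is created unconditionally inside the new `if` block, so it is written even when `/usr/lib/virtualbox/VBoxUSB_DevRules` could not show the dialog (binary missing, no display available), and the user then never sees the one-time USB warning. Chaining on the exit status avoids that: `/usr/lib/virtualbox/VBoxUSB_DevRules && mkdir -p ~/.vbox/ && touch ~/.vbox/message_out`. This assumes the helper exits non-zero when it cannot start; the visible `return 0` in its patch is only reached after `msgBox.exec()` returns. The marker is also per user, while the rules it warns about apply system-wide, which is worth stating in a comment above the block.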
@@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Sat Jan 14 02:14:27 UTC 2017 - Larry.Finger@lwfinger.net + +- The printing of the warning about the insecurity in USB passthru had been lost. As most people are likely to want that feature, + the logic has been inverted. Now, the required udev commands to allow passthru are included. The first time that VB is started, + the user will get a screen that points to the bug entry discussing the problem and states what they should do to block the + insecure usage. In any case, that screen will only be printed once. File "virtualbox-60-vboxdrv.rules" has been added + These changes address the issues in bnc #1018340. + ------------------------------------------------------------------- Wed Dec 21 03:19:26 UTC 2016 - Larry.Finger@lwfinger.net diff --git a/virtualbox.spec b/virtualbox.spec index 38fa38f..ed1cb5d 100644 --- a/virtualbox.spec +++ b/virtualbox.spec @@ -1,7 +1,7 @@ # # spec file for package virtualbox # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ %define _vbox_instdir %{_libexecdir}/virtualbox -%define _udevrulesdir %{_libexecdir}/udev/rules.d +%define _udevrulesdir %{_sysconfdir}/udev/rules.d Name: virtualbox Version: 5.1.12 Release: 0 @@ -40,6 +40,7 @@ Source7: %{name}-host-preamble Source8: %{name}-guest-preamble Source9: %{name}-wrapper.sh Source10: %{name}-LocalConfig.kmk +Source11: %{name}-60-vboxdrv.rules # init script to start virtual boxes during boot, to be configured via /etc/sysconfig/vbox bnc#582398 Source12: %{name}-vboxes Source13: %{name}-sysconfig.vbox 
@@ -530,6 +531,7 @@ install -m 755 VBoxXPCOMIPCD %{buildroot}%{_vbox_instdir} install -m 755 VBoxExtPackHelperApp %{buildroot}%{_vbox_instdir} install -m 755 VBoxTestOGL %{buildroot}%{_vbox_instdir} install -m 755 VBoxPermissionMessage %{buildroot}%{_vbox_instdir} +install -m 755 VBoxUSB_DevRules %{buildroot}%{_vbox_instdir} install -m 755 VBoxNetDHCP %{buildroot}%{_vbox_instdir} install -m 755 VBoxNetAdpCtl %{buildroot}%{_vbox_instdir} install -m 755 VirtualBox %{buildroot}%{_vbox_instdir} @@ -544,6 +546,7 @@ install -m 644 nls/* %{buildroot}%{_datadir}/virtualbox/nls/ # install kmp src mkdir -p %{buildroot}%{_usrsrc}/kernel-modules cp -a src %{buildroot}%{_usrsrc}/kernel-modules/virtualbox +install -m 644 %{SOURCE11} %{buildroot}%{_udevrulesdir}/60-vboxdrv.rules popd # install desktop file @@ -792,6 +795,7 @@ exit 0 %files qt %defattr(-, root, root) %attr(0755,root,vboxusers) %{_vbox_instdir}/VBoxPermissionMessage +%attr(0755,root,vboxusers) %{_vbox_instdir}/VBoxUSB_DevRules %verify(not mode) %attr(4750,root,vboxusers) %{_vbox_instdir}/VirtualBox #wrapper script is in bindir %attr(0755,root,root) %{_bindir}/VirtualBox @@ -802,6 +806,7 @@ exit 0 %{_vbox_instdir}/VirtualBox.so %{_datadir}/pixmaps/virtualbox.png %{_datadir}/applications/%{name}.desktop +%{_udevrulesdir}/60-vboxdrv.rules %files guest-x11 %defattr(-, root, root)
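Review bot: `%{_udevrulesdir}/60-vboxdrv.rules` is listed in the last hunk as an ordinary packaged file, although `_udevrulesdir` now points at `%{_sysconfdir}/udev/rules.d` and the warning dialog asks users to edit exactly this file. RPM replaces a locally modified non-config file on package update, which would silently put the 'usb' rules back after a user removed them to close the hole. Marking the entry `%config(noreplace) %{_udevrulesdir}/60-vboxdrv.rules` keeps the local edit across updates. It may also be cleaner to introduce a package-specific macro rather than redefine `_udevrulesdir` in the -17,7 hunk, since any other use of that macro in the spec (not visible here) would move to /etc as well.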