From ce541db5bcaa9d4caaeb77df274fbf75bdd0cb2440b7f12a610843272eb1b5ba Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Sat, 14 Jan 2017 02:16:29 +0000 Subject: [PATCH] - The printing of the warning about the insecurity in USB passthru had been lost. As most people are likely to want that feature, the logic has been inverted. Now, the required udev commands to allow passthru are included. The first time that VB is started, the user will get a screen that points to the bug entry discussing the problem and states what they should do to block the insecure usage. In any case, that screen will only be printed once. File "virtualbox-60-vboxdrv.rules" has been added These changes address the issues in bnc #1018340. OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=303
---
 vbox-usb-warning.diff | 2 +- virtualbox-60-vboxdrv.rules | 7 +++++++ virtualbox-wrapper.sh | 5 +++++ virtualbox.changes | 9 +++++++++ virtualbox.spec | 9 +++++++-- 5 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 virtualbox-60-vboxdrv.rules
diff --git a/vbox-usb-warning.diff b/vbox-usb-warning.diff
index 56b9946..571987b 100644
--- a/vbox-usb-warning.diff
+++ b/vbox-usb-warning.diff
@@ -62,7 +62,7 @@ Index: a/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp
 + QApplication app(argc, argv);
 + QMessageBox msgBox;
 + msgBox.setWindowTitle(QObject::tr("USB Rules and Permissions !"));
-+ msgBox.setText(QObject::tr("USB passthru opens a security hole. Please read \n\nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n\nto understand the problem. If you really want/need to use USB passthru, then copy /usr/lib/udev/rules.d/60-vboxdrv.rules to /etc/udev/rules.d/, and modify that file as outlined in the comments.\n\nTo avoid seeing this message every time VirtualBox is started, a dummy file is being created."));
++ msgBox.setText(QObject::tr("USB passthru opens a security hole. Please read \n\nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n\nto understand the problem. If you really want/need to use USB passthru and are willing to accept the security risk, then do nothing. To plug the security hole, remove all 'usb' lines from /etc/udev/rules.d/60-vboxdrv.rules.\n\nThis message will not be seen again!"));
 + int ret = msgBox.exec();
 + app.quit();
 + return 0;
diff --git a/virtualbox-60-vboxdrv.rules b/virtualbox-60-vboxdrv.rules
new file mode 100644
index 0000000..6a4093a
--- /dev/null
+++ b/virtualbox-60-vboxdrv.rules
@@ -0,0 +1,7 @@
+KERNEL=="vboxdrv", NAME="vboxdrv", OWNER="root", GROUP="root", MODE="0600"
+KERNEL=="vboxdrvu", NAME="vboxdrvu", OWNER="root", GROUP="root", MODE="0666"
+KERNEL=="vboxnetctl", NAME="vboxnetctl", OWNER="root", GROUP="root", MODE="0600"
+SUBSYSTEM=="usb_device", ACTION=="add", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
+SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
+SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
+SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="/usr/lib/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
diff --git a/virtualbox-wrapper.sh b/virtualbox-wrapper.sh
index 812fd57..7c48013 100644
--- a/virtualbox-wrapper.sh
+++ b/virtualbox-wrapper.sh
@@ -1,4 +1,9 @@
 #!/bin/bash
 export QT_NO_KDE_INTEGRATION=1
 /usr/bin/id -nG | grep -v -e "root" -e "vboxusers" >/dev/null && /usr/lib/virtualbox/VBoxPermissionMessage && exit
+if [ ! -f ~/.vbox/message_out ] ; then
+ /usr/lib/virtualbox/VBoxUSB_DevRules
+ mkdir -p ~/.vbox/
+ touch ~/.vbox/message_out
+fi
 LD_LIBRARY_PATH="/usr/lib/virtualbox${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" /usr/lib/virtualbox/VirtualBox $@
diff --git a/virtualbox.changes b/virtualbox.changes
index 4c824d3..5a6fa55 100644
--- a/virtualbox.changes
+++ b/virtualbox.changes
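Review bot: The new 60-vboxdrv.rules file has no comment identifying which rules grant USB passthru, although the first-run dialog tells users to remove "all 'usb' lines" from it. A header along the lines of `# The four SUBSYSTEM=="usb" / "usb_device" rules below enable USB passthru (see bnc#664520); delete or comment them out to disable it.` would let an administrator make that edit without guessing. It would also make clear that the three `KERNEL==` device-node rules are not part of what the dialog asks them to remove.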
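Review bot: The marker `~/.vbox/message_out` is created unconditionally inside the new `if`, so it is written even when `VBoxUSB_DevRules` fails to run or to display its dialog, and the one-time security notice can then be suppressed without ever having been shown. Chaining the steps, `/usr/lib/virtualbox/VBoxUSB_DevRules && mkdir -p ~/.vbox && touch ~/.vbox/message_out`, records the notice only after the helper exits successfully. The marker is per user and is only consulted by this wrapper, so users who start VMs through another front end presumably never see the notice; that is worth stating in the changelog if it is intended.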
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Sat Jan 14 02:14:27 UTC 2017 - Larry.Finger@lwfinger.net
+
+- The printing of the warning about the insecurity in USB passthru had been lost. As most people are likely to want that feature,
+ the logic has been inverted. Now, the required udev commands to allow passthru are included. The first time that VB is started,
+ the user will get a screen that points to the bug entry discussing the problem and states what they should do to block the
+ insecure usage. In any case, that screen will only be printed once. File "virtualbox-60-vboxdrv.rules" has been added
+ These changes address the issues in bnc #1018340.
+
 -------------------------------------------------------------------
 Wed Dec 21 03:19:26 UTC 2016 - Larry.Finger@lwfinger.net
diff --git a/virtualbox.spec b/virtualbox.spec
index 38fa38f..ed1cb5d 100644
--- a/virtualbox.spec
+++ b/virtualbox.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package virtualbox
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 %define _vbox_instdir %{_libexecdir}/virtualbox
-%define _udevrulesdir %{_libexecdir}/udev/rules.d
+%define _udevrulesdir %{_sysconfdir}/udev/rules.d
 Name: virtualbox
 Version: 5.1.12
 Release: 0
@@ -40,6 +40,7 @@ Source7: %{name}-host-preamble
 Source8: %{name}-guest-preamble
 Source9: %{name}-wrapper.sh
 Source10: %{name}-LocalConfig.kmk
+Source11: %{name}-60-vboxdrv.rules
 # init script to start virtual boxes during boot, to be configured via /etc/sysconfig/vbox bnc#582398
 Source12: %{name}-vboxes
 Source13: %{name}-sysconfig.vbox
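Review bot: In the `@@ -17,7 +17,7 @@` hunk, `_udevrulesdir` is repointed from `%{_libexecdir}/udev/rules.d` to `%{_sysconfdir}/udev/rules.d`, which moves every use of that macro in the spec, not just the new rules file. Any other rules file installed through it (none is visible in these hunks) would now land in the administrator's override directory as well. A separate macro for the admin-editable file, for example `%define _udevrulesdir_etc %{_sysconfdir}/udev/rules.d`, would keep the existing name pointing at the vendor directory and make the intent of the new path explicit.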
@@ -530,6 +531,7 @@ install -m 755 VBoxXPCOMIPCD %{buildroot}%{_vbox_instdir}
 install -m 755 VBoxExtPackHelperApp %{buildroot}%{_vbox_instdir}
 install -m 755 VBoxTestOGL %{buildroot}%{_vbox_instdir}
 install -m 755 VBoxPermissionMessage %{buildroot}%{_vbox_instdir}
+install -m 755 VBoxUSB_DevRules %{buildroot}%{_vbox_instdir}
 install -m 755 VBoxNetDHCP %{buildroot}%{_vbox_instdir}
 install -m 755 VBoxNetAdpCtl %{buildroot}%{_vbox_instdir}
 install -m 755 VirtualBox %{buildroot}%{_vbox_instdir}
@@ -544,6 +546,7 @@ install -m 644 nls/* %{buildroot}%{_datadir}/virtualbox/nls/
 # install kmp src
 mkdir -p %{buildroot}%{_usrsrc}/kernel-modules
 cp -a src %{buildroot}%{_usrsrc}/kernel-modules/virtualbox
+install -m 644 %{SOURCE11} %{buildroot}%{_udevrulesdir}/60-vboxdrv.rules
 popd
 # install desktop file
@@ -792,6 +795,7 @@ exit 0
 %files qt
 %defattr(-, root, root)
 %attr(0755,root,vboxusers) %{_vbox_instdir}/VBoxPermissionMessage
+%attr(0755,root,vboxusers) %{_vbox_instdir}/VBoxUSB_DevRules
 %verify(not mode) %attr(4750,root,vboxusers) %{_vbox_instdir}/VirtualBox
 #wrapper script is in bindir
 %attr(0755,root,root) %{_bindir}/VirtualBox
@@ -802,6 +806,7 @@ exit 0
 %{_vbox_instdir}/VirtualBox.so
 %{_datadir}/pixmaps/virtualbox.png
 %{_datadir}/applications/%{name}.desktop
+%{_udevrulesdir}/60-vboxdrv.rules
 %files guest-x11
 %defattr(-, root, root)
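Review bot: In the `@@ -802,6 +806,7 @@` hunk, `%{_udevrulesdir}/60-vboxdrv.rules` is listed in `%files` without a config marker, although the file now lives under `%{_sysconfdir}` and the first-run dialog tells administrators to edit it to disable USB passthru. As an ordinary packaged file it would normally be replaced on the next package update, which would silently restore the 'usb' rules the administrator removed. `%config(noreplace) %{_udevrulesdir}/60-vboxdrv.rules` keeps the local edit across updates. Separately, the `install -m 644 %{SOURCE11} …` line in the `@@ -544,6 +546,7 @@` hunk assumes `%{buildroot}%{_udevrulesdir}` already exists; no directory creation for the new path is visible in these hunks.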