pool/virtualbox
SHA256
12
0
Fork 2
Code Issues Pull Requests Activity

- Revise warning screen concerning USB passthru - fixes bnc#1041137.

Browse Source 
USB passthru opens a security hole, yet it is so valuable that many users want the feature, thus it is our default.
  Previously, a user needed to edit a udev rule to disable passthru. The bad part was that an update of VB changed the
  rule back to allow passthru without any notification. These changes modify the popup to allow the user to accept or decline
  passthru. If the user declines, then the root password is requested and the udev rule is modified. As these modifications will be
  lost with the next VB update, the inode of the udev rule is kept. If the user has previously declined and the inode has changed,
  the popup will show the next time VB is started. File "fix_usb_rules.sh" is added.

OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=336
This commit is contained in:
Larry Finger
2017-06-08 22:26:55 +00:00
committed by Git OBS Bridge
parent 17bc6d4e06
commit af26c92399
5 changed files with 102 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
vbox-usb-warning.diff
View File

@@ -1,10 +1,8 @@
Index: a/src/apps/Makefile.kmk
Index: VirtualBox-5.1.22/src/apps/Makefile.kmk
===================================================================
--- a/src/apps/Makefile.kmk (revision 58576)
+++ b/src/apps/Makefile.kmk (working copy)
@@ -34,7 +34,9 @@
endif
endif
--- VirtualBox-5.1.22.orig/src/apps/Makefile.kmk
+++ VirtualBox-5.1.22/src/apps/Makefile.kmk
@@ -31,5 +31,7 @@ endif
include $(PATH_SUB_CURRENT)/VBoxPermissionMessage/Makefile.kmk
@@ -12,10 +10,10 @@ Index: a/src/apps/Makefile.kmk
+
include $(FILE_KBUILD_SUB_FOOTER)
Index: a/src/apps/VBoxUSB_DevRules/Makefile.kmk
Index: VirtualBox-5.1.22/src/apps/VBoxUSB_DevRules/Makefile.kmk
===================================================================
--- a/src/apps/VBoxUSB_DevRules/Makefile.kmk (revision 0)
+++ b/src/apps/VBoxUSB_DevRules/Makefile.kmk (working copy)
--- /dev/null
+++ VirtualBox-5.1.22/src/apps/VBoxUSB_DevRules/Makefile.kmk
@@ -0,0 +1,33 @@
+# $Id: Makefile.kmk 28800 2010-04-27 08:22:32Z vboxsync $
+## @file
@@ -50,21 +48,34 @@ Index: a/src/apps/VBoxUSB_DevRules/Makefile.kmk
+include $(KBUILD_PATH)/subfooter.kmk
+
+
Index: a/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp
Index: VirtualBox-5.1.22/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp
===================================================================
--- a/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp (revision 0)
+++ b/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp (working copy)
@@ -0,0 +1,13 @@
--- /dev/null
+++ VirtualBox-5.1.22/src/apps/VBoxUSB_DevRules/VBoxUSB_DevRules.cpp
@@ -0,0 +1,26 @@
+#include <QtWidgets/QApplication>
+#include <QtWidgets/QMessageBox>
+#include <QtWidgets/QPushButton>
+
+int main(int argc, char *argv[])
+{
+ QApplication app(argc, argv);
+ QMessageBox msgBox;
+ msgBox.setWindowTitle(QObject::tr("USB Rules and Permissions !"));
+ msgBox.setText(QObject::tr("USB passthru opens a security hole. Please read \n\nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n\nto understand the problem. If you really want/need to use USB passthru and are willing to accept the security risk, then do nothing. To plug the security hole, remove all 'usb' lines from /etc/udev/rules.d/60-vboxdrv.rules.\n\nThis message will not be seen again!"));
+ int ret = msgBox.exec();
+ QPushButton *myYesButton = msgBox.addButton("Enable", QMessageBox::YesRole);
+ QPushButton *myNoButton = msgBox.addButton("Disable", QMessageBox::NoRole);
+ msgBox.setWindowTitle(QObject::tr("USB Rules and Permissions !"));
+ msgBox.setText(QObject::tr("USB passthru opens a security hole. "
+ "Please read \nhttps://bugzilla.novell.com/show_bug.cgi?id=664520\n"
+ "to understand the problem.\n\nWe regard USB passthru to be extremely useful and worth the security risk. "
+ "thus the code defaults to enabling this feature. If you agree that the risk is acceptible, then click 'Enable'.\n"
+ "You will not be asked this question again when VB is updated. If you later change your mind, run 'rm ~/.vbox/*'\n\n"
+ "If you wish to disable USB passthru to plug the security hole, then click 'Disable'. "
+ "You will be asked for the system password, and /etc/udev/rules.d/60-vboxdrv.rules will be changed.\n"
+ "These changes cannot be preserved through VB updates, thus this screen will be displayed again at that time."));
+ msgBox.exec();
+ app.quit();
+ return 0;
+ if (msgBox.clickedButton() == myYesButton)
+ return 0;
+ return 1;
+}
+