
source: vbox/trunk/src/VBox/Installer/linux/vboxautostart-service.sh@ 91749

Last change on this file since 91749 was 88524, checked in by vboxsync, 4 years ago

linux: vboxautostart-service: security improvements.

Introduce more strict security checks when iterating
over VBOXAUTOSTART_DB.

#!/bin/sh
# $Id: vboxautostart-service.sh 88524 2021-04-15 11:36:36Z vboxsync $
## @file
# VirtualBox autostart service init script.
#

#
# Copyright (C) 2012-2020 Oracle Corporation
#
# This file is part of VirtualBox Open Source Edition (OSE), as
# available from http://www.virtualbox.org. This file is free software;
# you can redistribute it and/or modify it under the terms of the GNU
# General Public License (GPL) as published by the Free Software
# Foundation, in version 2 as it comes in the "COPYING" file of the
# VirtualBox OSE distribution. VirtualBox OSE is distributed in the
# hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
#

# chkconfig: 345 35 65
# description: VirtualBox autostart service
#
### BEGIN INIT INFO
# Provides: vboxautostart-service
# Required-Start: vboxdrv
# Required-Stop: vboxdrv
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description: VirtualBox autostart service
### END INIT INFO
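# Service-wide settings. Everything in this section runs at script load time,
# before any action is dispatched.

# Append the system binary directories; directories already in PATH keep
# priority over them.
PATH=$PATH:/bin:/sbin:/usr/sbin
SCRIPTNAME=vboxautostart-service.sh

# NOLSB=yes unless both the Debian marker file and the LSB helpers exist.
{ [ -f /etc/debian_release ] && [ -f /lib/lsb/init-functions ]; } || NOLSB=yes

# NOTE(review): the two files sourced in this section are executed in this
# shell with the privileges of whoever runs the init script (normally root),
# so they should be writable by root only.
[ -f /etc/vbox/vbox.cfg ] && . /etc/vbox/vbox.cfg

if [ -n "$INSTALL_DIR" ]; then
    binary="$INSTALL_DIR/VBoxAutostart"
else
    binary="/usr/lib/virtualbox/VBoxAutostart"
fi

# silently exit if the package was uninstalled but not purged,
# applies to Debian packages only (but shouldn't hurt elsewhere).
# "$binary" is quoted: unquoted, an INSTALL_DIR containing whitespace made the
# test itself fail, which took the silent "exit 0" path.
if [ -f /etc/debian_release ] && [ ! -x "$binary" ]; then
    exit 0
fi

[ -r /etc/default/virtualbox ] && . /etc/default/virtualbox

# Preamble for Gentoo: drop the first argument when invoked through /sbin/rc.
if [ "$(which "$0")" = "/sbin/rc" ]; then
    shift
fi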
# Announce the start of an action.
# Globals:   SCRIPTNAME (read)
# Arguments: $1 - message text (a trailing "." is appended)
#            $2 - optional; when non-empty the message is also echoed to stdout
# Outputs:   "<SCRIPTNAME>: <message>." on stdout when $2 is set; always one
#            logger(1) entry tagged with SCRIPTNAME
# Returns:   exit status of logger
begin_msg() {
    if [ -n "${2}" ]; then
        echo "${SCRIPTNAME}: ${1}."
    fi
    logger -t "${SCRIPTNAME}" "${1}."
}
# Record a success message through logger(1) only; nothing is printed.
# Globals:   SCRIPTNAME (read, used as the log tag)
# Arguments: $1 - message text (a trailing "." is appended)
# Returns:   exit status of logger
succ_msg() {
    logger -t "${SCRIPTNAME}" "${1}."
}
# Report a failure on stderr and through logger(1).
# Globals:   SCRIPTNAME (read)
# Arguments: $1 - failure description (a trailing "." is appended)
# Outputs:   "<SCRIPTNAME>: failed: <description>." on stderr
# Returns:   exit status of logger
fail_msg() {
    >&2 echo "${SCRIPTNAME}: failed: ${1}."
    logger -t "${SCRIPTNAME}" "failed: ${1}."
}
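# Run a command as another user through su(1).
# Globals:   usr (written)
# Arguments: $1 - account to run as
#            $2.. - command and its arguments
# Returns:   exit status of su
#
# The account name is passed as one quoted word so that it can never be
# word-split or glob-expanded into additional su arguments.
#
# NOTE(review): "$*" joins the remaining arguments into a single string that
# the target user's shell parses again, so whitespace and shell metacharacters
# in them are not preserved. Only pass values from root-controlled
# configuration here.
start_daemon() {
    usr="$1"
    shift
    su - "$usr" -c "$*"
}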
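# When start-stop-daemon is available, replace the su-based start_daemon with
# one that hands the argument vector to the binary without a shell in between.
if which start-stop-daemon >/dev/null 2>&1; then
    # Globals:   usr, bin (written)
    # Arguments: $1 - account to run as
    #            $2 - executable to start
    #            $3.. - arguments for the executable
    # Returns:   exit status of start-stop-daemon
    start_daemon() {
        usr="$1"
        shift
        bin="$1"
        shift
        # Every expansion is quoted so that each value reaches
        # start-stop-daemon as exactly one argument: no word splitting and no
        # pathname expansion on the account name, the path or the arguments.
        start-stop-daemon --chuid "$usr" --start --exec "$bin" -- "$@"
    }
fi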
# Check whether the vboxdrv kernel module shows up in the lsmod listing.
# Returns: 0 when a line matches, otherwise grep's non-zero status.
vboxdrvrunning() {
    # The pattern needs a character other than "_" or "-" right after
    # "vboxdrv", so a name that merely starts with "vboxdrv_" or "vboxdrv-"
    # does not count as a match.
    lsmod | grep -q "vboxdrv[^_-]"
}
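# Decide whether an autostart database entry may be acted upon.
# Globals:   entry, user, user_name, user_id (written)
# Arguments: $1 - path of the database entry
#            $2 - account name derived from the entry's file name
# Returns:   0 when the entry is a regular file owned by the named account,
#            1 otherwise
#
# The result gates a command that the caller runs as "$user", so every check
# fails closed: any lookup that yields nothing rejects the entry.
valid_db_entry() {

    entry="$1"
    [ -z "$entry" ] && return 1

    user="$2"
    [ -z "$user" ] && return 1

    # "--" ends option parsing, so a name that starts with "-" is looked up as
    # an account and never interpreted as an id(1) option.
    user_name=$(id -n -u -- "$user" 2>/dev/null)
    [ -z "$user_name" ] && return 1

    user_id=$(id -u -- "$user" 2>/dev/null)

    # Verify that @user identifies a user *by name* (i.e. not a numeric id).
    # Careful, all numeric user names are legal.
    if [ "$user_id" = "$user" ] && [ "$user_name" != "$user" ]; then
        return 1
    fi

    # Verify that the entry itself is a regular file owned by the account it
    # is named after. -prune keeps find from descending, so a directory named
    # like an entry cannot pass the check through a file somewhere below it.
    # -type f without -L/-H also rejects symbolic links.
    [ -z "$(find "$entry" -prune -user "$user" -type f 2>/dev/null)" ] && return 1

    return 0
}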
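# Start the autostart helper once for every valid "<user>.start" entry.
# Globals:   VBOXAUTOSTART_DB, VBOXAUTOSTART_CONFIG, binary, RETVAL (read)
#            entry, user (written); VBOX_RELEASE_LOG_DEST (unset)
# Returns:   RETVAL when it is set, otherwise the status of the last command
#            run by the loop. Exits the script with 0 when the service is not
#            configured or the kernel module is not loaded.
start() {
    [ -z "$VBOXAUTOSTART_DB" ] && exit 0
    [ -z "$VBOXAUTOSTART_CONFIG" ] && exit 0
    begin_msg "Starting VirtualBox VMs configured for autostart" console;
    vboxdrvrunning || {
        fail_msg "VirtualBox kernel module not loaded!"
        exit 0
    }

    # prevent inheriting this setting to VBoxSVC
    unset VBOX_RELEASE_LOG_DEST

    for entry in "$VBOXAUTOSTART_DB"/*.start
    do
        user=$(basename "$entry" .start)
        # An unmatched glob leaves the literal pattern behind: nothing to do.
        [ "$user" = "*" ] && break
        # The command below runs as "$user"; skip anything that fails the
        # ownership and account checks.
        valid_db_entry "$entry" "$user" || continue

        # Arguments are passed one by one with the configuration path quoted,
        # instead of through an unquoted parameter string, so the path is not
        # word-split or glob-expanded here.
        start_daemon "$user" "$binary" \
            --background --start --config "$VBOXAUTOSTART_CONFIG" > /dev/null 2>&1
    done

    # NOTE(review): RETVAL is not assigned anywhere in this function; when it
    # is unset this is a plain "return" of the loop's status.
    return "${RETVAL:-$?}"
}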
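# Run the autostart helper in stop mode once for every valid "<user>.stop"
# entry.
# Globals:   VBOXAUTOSTART_DB, VBOXAUTOSTART_CONFIG, binary, RETVAL (read)
#            entry, user (written); VBOX_RELEASE_LOG_DEST (unset)
# Returns:   RETVAL when it is set, otherwise the status of the last command
#            run by the loop. Exits the script with 0 when the service is not
#            configured.
stop() {
    [ -z "$VBOXAUTOSTART_DB" ] && exit 0
    [ -z "$VBOXAUTOSTART_CONFIG" ] && exit 0

    # prevent inheriting this setting to VBoxSVC
    unset VBOX_RELEASE_LOG_DEST

    for entry in "$VBOXAUTOSTART_DB"/*.stop
    do
        user=$(basename "$entry" .stop)
        # An unmatched glob leaves the literal pattern behind: nothing to do.
        [ "$user" = "*" ] && break
        # The command below runs as "$user"; skip anything that fails the
        # ownership and account checks.
        valid_db_entry "$entry" "$user" || continue

        # Arguments are passed one by one with the configuration path quoted,
        # instead of through an unquoted parameter string, so the path is not
        # word-split or glob-expanded here.
        start_daemon "$user" "$binary" \
            --stop --config "$VBOXAUTOSTART_CONFIG" > /dev/null 2>&1
    done

    # NOTE(review): RETVAL is not assigned anywhere in this function; when it
    # is unset this is a plain "return" of the loop's status.
    return "${RETVAL:-$?}"
}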
# Dispatch on the requested action. Anything other than "start" or "stop"
# prints the usage line and exits with status 1.
if [ "$1" = "start" ]; then
    start
elif [ "$1" = "stop" ]; then
    stop
else
    echo "Usage: $0 {start|stop}"
    exit 1
fi

# NOTE(review): nothing visible in this script assigns RETVAL; when it is
# unset this is a bare "exit", i.e. the status of the action that just ran.
exit $RETVAL