diff --git a/xorriso/xorriso.1 b/xorriso/xorriso.1
index 6ff9f53d..e58fddc2 100644
--- a/xorriso/xorriso.1
+++ b/xorriso/xorriso.1
@@ -2,7 +2,7 @@
 .\" First parameter, NAME, should be all caps
 .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
 .\" other parameters are allowed: see man(7), man(1)
-.TH XORRISO 1 "Apr 04, 2009"
+.TH XORRISO 1 "Apr 05, 2009"
 .\" Please adjust this date whenever revising the manpage.
 .\"
 .\" Some roff macros, for reference:
@@ -2514,10 +2514,11 @@ of -overwrite "nondir". I.e. directories cannot be deleted.
 Access permissions of files in the ISO image do not restrict restoring.
 The directory permissions on disk have to allow rwx.
 .TP
-\fB\-osirrox\fR "on"|"device_files"|"off"[:option:...]
+\fB\-osirrox\fR "on"|"device_files"|"off"|"banned"|[:option:...]
 Setting "off" disables disk filesystem manipulations. This is the default
 unless the program was started with leafname "osirrox". Elsewise
 the capability to restore files can be enabled explicitly by -osirrox "on".
+It can be irrevocably disabled by -osirrox "banned".
 .br
 To enable restoring of special files by "device_files" is potentially
 dangerous.
diff --git a/xorriso/xorriso.c b/xorriso/xorriso.c
index 4b798ac5..270a1587 100644
--- a/xorriso/xorriso.c
+++ b/xorriso/xorriso.c
@@ -91,6 +91,7 @@ or
 #include <grp.h>
 #include <signal.h>
 #include <sys/utsname.h>
+#include <sys/select.h>
 
 /* for -charset */
 #include <iconv.h>
@@ -5876,7 +5877,7 @@ int Xorriso_status(struct XorrisO *xorriso, char *filter, FILE *fp, int flag)
 {
  int is_default, no_defaults, i, ret, adr_mode, bin_path_in_use= 0, do_single;
  char *line, sfe[5 * SfileadrL + 80], mode[80], *form, *treatment;
- char *in_pt, *out_pt, *nl_charset, *local_charset;
+ char *in_pt, *out_pt, *nl_charset, *local_charset, *mode_pt;
  static char channel_prefixes[4][4]= {".","R","I","M"};
  static char load_names[][20]= {"auto", "session", "track", "lba", "volid"};
  static int max_load_mode= 4;
@@ -6033,9 +6034,17 @@ int Xorriso_status(struct XorrisO *xorriso, char *filter, FILE *fp, int flag)
 
  is_default= (xorriso->allow_restore==0 && xorriso->do_concat_split==1 &&
               xorriso->do_auto_chmod==0);
- sprintf(line,"-osirrox %s:%s:%s\n",
-         xorriso->allow_restore ? xorriso->allow_restore==2 ?
-                                                 "device_files" : "on" : "off",
+ mode_pt= "off"; 
+ if(xorriso->allow_restore == -1)
+   mode_pt= "banned";
+ else if(xorriso->allow_restore == 1)
+   mode_pt= "on";
+ else if(xorriso->allow_restore == 2)
+   mode_pt= "device_files";
+ if(xorriso->allow_restore == -1)
+   sprintf(line,"-osirrox %s\n", mode_pt);
+ else
+   sprintf(line,"-osirrox %s:%s:%s\n", mode_pt,
          xorriso->do_concat_split ? "concat_split_on" : "concat_split_off",
          xorriso->do_auto_chmod ? "auto_chmod_on" : "auto_chmod_off"
         );
@@ -12910,7 +12919,7 @@ int Xorriso_option_cpx(struct XorrisO *xorriso, int argc, char **argv,
    is_dir= 1;
    strcpy(dest_dir, eff_dest);
  }
- if(!xorriso->allow_restore) {
+ if(xorriso->allow_restore <= 0) {
    sprintf(xorriso->info_text,
           "-cpx: image-to-disk copies are not enabled by option -osirrox");
    Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0);
@@ -13426,7 +13435,7 @@ int Xorriso_option_extract(struct XorrisO *xorriso, char *iso_path,
  int ret;
  char eff_origin[SfileadrL], eff_dest[SfileadrL], *ipth;
 
- if(!xorriso->allow_restore) {
+ if(xorriso->allow_restore <= 0) {
    sprintf(xorriso->info_text,
           "-extract: image-to-disk copies are not enabled by option -osirrox");
    Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0);
@@ -14379,10 +14388,13 @@ int Xorriso_option_help(struct XorrisO *xorriso, int flag)
 "                 Performs -compare_r with each disk_path.",
 "",
 "Restore options which copy file objects from ISO image to disk filesystem:",
-"  -osirrox \"on\"|\"device_files\"|\"off\":\"concat_split_on\"|\"concat_split_off\"",
+"  -osirrox \"on\"|\"device_files\"|\"off\"|\"banned\"",
+"           [:\"concat_split_on\"|\"concat_split_off\"]",
+"           [:\"auto_chmod__on\"|\"auto_chmod__off\"]",
 "                 By default \"off\" the inverse operation of xorriso from ISO",
 "                 image to disk filesystem is disabled. \"on\" allows xorriso",
 "                 to create, overwrite, delete files in the disk filesystem.", 
+"                 \"banned\" is irrevocably \"off\".",
 "  -extract iso_rr_path disk_path",
 "                 Copy tree under iso_rr_path onto disk address disk_path.",
 "                 This avoids the pitfalls of cp -r addressing rules.",
@@ -15102,7 +15114,7 @@ int Xorriso_option_mount(struct XorrisO *xorriso, char *dev, char *adr_mode,
    mnt= "-session_string";
  else {
    mnt= "-mount";
-   if(!xorriso->allow_restore) {
+   if(xorriso->allow_restore <= 0) {
      sprintf(xorriso->info_text,
           "-mount: image-to-disk features are not enabled by option -osirrox");
      Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0);
@@ -15487,9 +15499,11 @@ ex:;
 /* Option -osirrox "on"|"off" */
 int Xorriso_option_osirrox(struct XorrisO *xorriso, char *mode, int flag)
 {
- int l;
+ int l, allow_restore;
  char *npt, *cpt;
 
+ allow_restore= xorriso->allow_restore;
+
  npt= cpt= mode;
  for(cpt= mode; npt!=NULL; cpt= npt+1) {
    npt= strchr(cpt,':');
@@ -15500,11 +15514,13 @@ int Xorriso_option_osirrox(struct XorrisO *xorriso, char *mode, int flag)
    if(l==0 && mode[0]!=0)
      goto unknown_mode;
    if(strncmp(cpt, "off", l)==0)
-     xorriso->allow_restore= 0;
+     allow_restore= 0;
+   else if(strncmp(cpt, "banned", l)==0)
+     allow_restore= -1;
    else if(strncmp(cpt, "device_files", l)==0)
-     xorriso->allow_restore= 2;
+     allow_restore= 2;
    else if(strncmp(cpt, "on", l)==0 || mode[0]==0)
-     xorriso->allow_restore= 1;
+     allow_restore= 1;
    else if(strncmp(cpt, "concat_split_on", l)==0)
      xorriso->do_concat_split= 1;
    else if(strncmp(cpt, "concat_split_off", l)==0)
@@ -15520,9 +15536,17 @@ unknown_mode:;
      return(0);
    }
  }
+ if(allow_restore > 0 && xorriso->allow_restore == -1) {
+   sprintf(xorriso->info_text,
+     "-osirrox: was already permanently disabled by setting 'banned'");
+   Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0);
+   return(0);
+ }
+ if(xorriso->allow_restore != -1)
+   xorriso->allow_restore= allow_restore;
  sprintf(xorriso->info_text,
          "Copying of file objects from ISO image to disk filesystem is: %s\n",
-         xorriso->allow_restore ? "Enabled" : "Disabled");
+         xorriso->allow_restore > 0 ? "Enabled" : "Disabled");
  Xorriso_info(xorriso, 0);
  return(1);
 }
diff --git a/xorriso/xorriso_private.h b/xorriso/xorriso_private.h
index a193c611..fbdfb761 100644
--- a/xorriso/xorriso_private.h
+++ b/xorriso/xorriso_private.h
@@ -237,7 +237,8 @@ struct XorrisO { /* the global context of xorriso */
  /* XORRISO options */
  int allow_graft_points;
 
- int allow_restore; /* 0= disallowed, 1=allowed, 2=device files allowed */
+ int allow_restore; /* -1=permanently disallowed
+                        0=disallowed, 1=allowed, 2=device files allowed */
  int do_concat_split;  /* 1= restore complete split file directories as
                              regular files
                         */
diff --git a/xorriso/xorriso_timestamp.h b/xorriso/xorriso_timestamp.h
index 0d15e5f2..885c64af 100644
--- a/xorriso/xorriso_timestamp.h
+++ b/xorriso/xorriso_timestamp.h
@@ -1 +1 @@
-#define Xorriso_timestamP "2009.04.05.131536"
+#define Xorriso_timestamP "2009.04.05.143043"