From a50a17c075a1e43d261f6fa0082cf66cd2797755 Mon Sep 17 00:00:00 2001 From: Thomas Schmitt Date: Sat, 4 Apr 2009 14:40:11 +0000 Subject: [PATCH] New option -close_filter_list --- xorriso/xorriso.1 | 9 ++++- xorriso/xorriso.c | 27 ++++++++++++++- xorriso/xorriso_private.h | 1 + xorriso/xorriso_timestamp.h | 2 +- xorriso/xorrisoburn.c | 65 ++++++++++++++++++++++++++++++++----- 5 files changed, 93 insertions(+), 11 deletions(-) diff --git a/xorriso/xorriso.1 b/xorriso/xorriso.1 index 1ecb3e82..6ff9f53d 100644 --- a/xorriso/xorriso.1 +++ b/xorriso/xorriso.1 @@ -2,7 +2,7 @@ .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) -.TH XORRISO 1 "Apr 03, 2009" +.TH XORRISO 1 "Apr 04, 2009" .\" Please adjust this date whenever revising the manpage. .\" .\" Some roff macros, for reference: @@ -1125,6 +1125,13 @@ Examples: Remove an -external_filter registration. This is only possible if the filter is not applied to any file in the ISO image. .TP +\fB\-close_filter_list\fR +Irrevocably ban commands -external_filter and -unregister_filter, +but not -set_filter. Use this to prevent external filtering in general or +when all intended filters are registered. +External filters may also be banned totally at compile time of xorriso. +By default they are banned if xorriso runs under setuid permission. +.TP \fB\-set_filter\fR name iso_rr_path [***] Apply an -external_filter to the given data files in the ISO image. If the filter suffix is not empty , then it will be appended to the file name. diff --git a/xorriso/xorriso.c b/xorriso/xorriso.c index e2f5225f..6a44adc4 100644 --- a/xorriso/xorriso.c +++ b/xorriso/xorriso.c @@ -4096,6 +4096,7 @@ int Xorriso_new(struct XorrisO ** xorriso,char *progname, int flag) m->global_dir_mode= 0555; m->global_file_mode= 0444; m->filters= NULL; + m->filter_list_closed= 0; m->do_overwrite= 2; m->do_reassure= 0; m->drive_blacklist= NULL; @@ -12641,6 +12642,14 @@ int Xorriso_option_close(struct XorrisO *xorriso, char *mode, int flag) } +/* Option -close_filter_list */ +int Xorriso_option_close_filter_list(struct XorrisO *xorriso, int flag) +{ + xorriso->filter_list_closed= 1; + return(1); +} + + /* Option -commit */ /* @param flag bit0= leave indrive and outdrive aquired as they were, i.e. do not aquire outdrive as new in-out-drive @@ -14257,16 +14266,29 @@ int Xorriso_option_help(struct XorrisO *xorriso, int flag) "Filter options:", "External filter processes may produce synthetic file content by reading the", "original content from stdin and writing to stdout whatever they want.", + +#ifdef Xorriso_allow_external_filterS + " -external_filter name option[:option] program_path [arguments] --", " Define an external filter. Options are: suffix=...: ", " remove_suffix:if_nonempty:if_reduction:if_block_reduction.", " -unregister_filter name", " Undefine an external filter.", +" -close_filter_list", +" Irrevocably ban -external_filter and -unregister_filter.", " -set_filter name iso_rr_path [***]", " Apply a defined filter to the given data files.", " Special name \"--remove-all-filters\" revokes filtering.", " -set_filter_r name iso_rr_path [***]", " Like -set_filter but affecting all files below directories.", + +#else + +"Sorry: The use of external filters was not enabled at compile time.", +" E.g. by ./configure option --enable-external-filters", + +#endif /* ! Xorriso_allow_external_filterS */ + "", "Write-to-media options:", " -rollback Discard the manipulated ISO image and reload it.", @@ -17008,7 +17030,7 @@ int Xorriso_count_args(struct XorrisO *xorriso, int argc, char **argv, int ret, was_dashed= 0, i; char *cmd, cmd_data[2*SfileadrL]; static char arg0_commands[][40]= { - "ban_stdio_write","commit","devices","end","help", + "ban_stdio_write","close_filter_list","commit","devices","end","help", "list_formats","no_rc","print_size","pwd","pwdi","pwdx", "rollback","rollback_end","tell_media_space","toc","version", "" @@ -17274,6 +17296,9 @@ next_command:; (*idx)++; ret= Xorriso_option_close(xorriso, arg1, 0); + } else if(strcmp(cmd,"close_filter_list")==0) { + ret= Xorriso_option_close_filter_list(xorriso, 0); + } else if(strcmp(cmd,"commit")==0) { ret= Xorriso_option_commit(xorriso, 0); diff --git a/xorriso/xorriso_private.h b/xorriso/xorriso_private.h index e48612b6..a193c611 100644 --- a/xorriso/xorriso_private.h +++ b/xorriso/xorriso_private.h @@ -128,6 +128,7 @@ struct XorrisO { /* the global context of xorriso */ mode_t global_file_mode; struct Xorriso_lsT *filters; + int filter_list_closed; int do_overwrite; /* 0=off, 1=on, 2=nondir */ int do_reassure; /* 0=off, 1=on, 2=tree */ diff --git a/xorriso/xorriso_timestamp.h b/xorriso/xorriso_timestamp.h index 925e1a25..cdd3a5ec 100644 --- a/xorriso/xorriso_timestamp.h +++ b/xorriso/xorriso_timestamp.h @@ -1 +1 @@ -#define Xorriso_timestamP "2009.04.04.082636" +#define Xorriso_timestamP "2009.04.04.144009" diff --git a/xorriso/xorrisoburn.c b/xorriso/xorrisoburn.c index b23b426c..7c635ba0 100644 --- a/xorriso/xorrisoburn.c +++ b/xorriso/xorrisoburn.c @@ -9797,13 +9797,6 @@ int Xorriso_set_filter(struct XorrisO *xorriso, void *in_node, new_name[0]= 0; - if(getuid() != geteuid()) { - sprintf(xorriso->info_text, - "-set_filter: UID and EUID differ. Will not run external programs."); - Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FATAL", 0); - return(0); - } - node= (IsoNode *) in_node; if(node == NULL) { ret= Xorriso_get_node_by_path(xorriso, path, NULL, &node, 0); @@ -9912,6 +9905,19 @@ cannot_append_suffix:; } ret= 1; } else { + +#ifndef Xorriso_allow_extf_suiD + /* This is a final safety precaution before iso_file_add_external_filter() + performs fork() and executes the alleged filter program. + */ + if(getuid() != geteuid()) { + sprintf(xorriso->info_text, + "-set_filter: UID and EUID differ. Will not run external programs."); + Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FATAL", 0); + return(0); + } +#endif /* ! Xorriso_allow_extf_suiD */ + ret = iso_file_add_external_filter(file, cmd, 0); } if(flag & 2) { @@ -9954,11 +9960,50 @@ int Xorriso_external_filter(struct XorrisO *xorriso, char *name, char *options, char *path, int argc, char **argv, int flag) { - int ret, delete= 0, behavior= 0, extf_flag= 0; + int ret, delete= 0, behavior= 0, extf_flag= 0, is_banned= 0; char *what, *what_next, *suffix= ""; struct Xorriso_lsT *lst; struct Xorriso_extF *found_filter, *new_filter= NULL; +#ifndef Xorriso_allow_external_filterS + /* To be controlled by: configure --enable-external-filters */ + + sprintf(xorriso->info_text, "%s : Banned at compile time.", + flag & 1 ? "-unregister_filter" : "-external_filter"); + Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0); + sprintf(xorriso->info_text, +"This may be changed at compile time by ./configure option --enable-external-filters"); + Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "HINT", 0); + is_banned= 1; + +#endif /* ! Xorriso_allow_external_filterS */ + +#ifndef Xorriso_allow_extf_suiD + /* To be controlled by: configure --enable-external-filters-setuid */ + + if(getuid() != geteuid()) { + sprintf(xorriso->info_text, + "-set_filter: UID and EUID differ. Will not run external programs."); + Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FATAL", 0); + sprintf(xorriso->info_text, +"This may be changed at compile time by ./configure option --enable-external-filters-setuid"); + Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "HINT", 0); + is_banned= 1; + } +#endif /* ! Xorriso_allow_extf_suiD */ + + if(is_banned) + return(0); + + if(xorriso->filter_list_closed) { + sprintf(xorriso->info_text, + "%s : Banned by previous command -close_filter_list", + flag & 1 ? "-unregister_filter" : "-external_filter"); + Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0); + return(0); + } + + delete= flag & 1; ret= Xorriso_lookup_extf(xorriso, name, &lst, 0); if(ret < 0) @@ -10096,5 +10141,9 @@ int Xorriso_status_extf(struct XorrisO *xorriso, char *filter, FILE *fp, strcat(line, " --\n"); Xorriso_status_result(xorriso, filter, fp, flag&2); } + if(xorriso->filter_list_closed) { + strcpy(line, "-close_filter_list\n"); + Xorriso_status_result(xorriso, filter, fp, flag&2); + } return(1); }