configure options to control availability of external filters in xorriso

This commit is contained in:
Thomas Schmitt 2009-04-04 14:42:41 +00:00
parent a50a17c075
commit c89febb7a1
8 changed files with 77 additions and 4 deletions

View File

@ -51,7 +51,8 @@ bin_PROGRAMS = \
xorriso_xorriso_CPPFLAGS = -Ilibisoburn
xorriso_xorriso_CFLAGS = -DXorriso_with_maiN \
$(READLINE_DEF) $(LIBACL_DEF) $(XATTR_DEF)
$(READLINE_DEF) $(LIBACL_DEF) $(XATTR_DEF) \
$(EXTF_DEF) $(EXTF_SUID_DEF)
xorriso_xorriso_LDADD = libisoburn/libisoburn.la -lisofs -lburn \
$(THREAD_LIBS) $(LIBBURN_ARCH_LIBS)

11
README
View File

@ -80,6 +80,17 @@ are present. This dependcy can be avoided by running
./configure --prefix=/usr --disable-libreadline
make clean ; make
Never omit the "make clean" command after switching libreadline enabling.
Other deliberate dependency reduction options of ./configure are:
--disable-libacl avoid use of ACL functions like acl_to_text()
--disable-xattr avoid use of xattr functions like listxattr()
xorriso allows to use external processes as file content filters. This is
a potential security risk which may be avoided by ./configure option
--disable-external-filters
By default the filter feature is disabled if effective user id and real
user id differ. This ban can be lifted by
--enable-external-filters-setuid
Drives and Disk File Objects

View File

@ -144,6 +144,32 @@ else
fi
AC_SUBST(XATTR_DEF)
AC_ARG_ENABLE(external-filters,
[ --enable-external-filters Enable use of external filter programs by xorriso, default=yes],
, enable_external_filters=yes)
if test x"$enable_external_filters" = xyes; then
EXTF_DEF="-DXorriso_allow_external_filterS"
echo "enabled xorriso external filter programs"
else
EXTF_DEF=
echo "disabled xorriso external filter programs"
fi
AC_SUBST(EXTF_DEF)
AC_ARG_ENABLE(external-filters-setuid,
[ --enable-external-filters-setuid Enable xorriso external filter programs under setuid, default=no],
, enable_external_filters_setuid=no)
if test x$enable_external_filters_setuid = xyes; then
EXTF_SUID_DEF="-DXorriso_allow_extf_suiD"
echo "enabled xorriso external filter programs under setuid"
else
EXTF_SUID_DEF=
echo "disabled xorriso external filter programs under setuid"
fi
AC_SUBST(EXTF_SUID_DEF)
AC_CHECK_HEADER(libburn/libburn.h)
AC_CHECK_HEADER(libisofs/libisofs.h)

View File

@ -92,6 +92,14 @@ Other deliberate dependency reduction options of ./configure are:
--disable-libacl avoid use of ACL functions like acl_to_text()
--disable-xattr avoid use of xattr functions like listxattr()
xorriso allows to use external processes as file content filters. This is
a potential security risk which may be avoided by ./configure option
--disable-external-filters
By default the filter feature is disabled if effective user id and real
user id differ. This ban can be lifted by
--enable-external-filters-setuid
If you want xorriso to report a "Build timestamp" with its option -version:
make buildstamped

View File

@ -17,7 +17,7 @@ isoburn=./libisoburn-develop/libisoburn
xorr=./libisoburn-develop/xorriso
debug_opts="-O2"
def_opts=
def_opts="-DXorriso_allow_external_filterS"
largefile_opts="-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE=1"
do_strip=0
static_opts=

View File

@ -156,6 +156,32 @@ fi
AC_SUBST(XATTR_DEF)
AC_ARG_ENABLE(external-filters,
[ --enable-external-filters Enable use of external filter programs by xorriso, default=yes],
, enable_external_filters=yes)
if test x"$enable_external_filters" = xyes; then
EXTF_DEF="-DXorriso_allow_external_filterS"
echo "enabled xorriso external filter programs"
else
EXTF_DEF=
echo "disabled xorriso external filter programs"
fi
AC_SUBST(EXTF_DEF)
AC_ARG_ENABLE(external-filters-setuid,
[ --enable-external-filters-setuid Enable xorriso external filter programs under setuid, default=no],
, enable_external_filters_setuid=no)
if test x$enable_external_filters_setuid = xyes; then
EXTF_SUID_DEF="-DXorriso_allow_extf_suiD"
echo "enabled xorriso external filter programs under setuid"
else
EXTF_SUID_DEF=
echo "disabled xorriso external filter programs under setuid"
fi
AC_SUBST(EXTF_SUID_DEF)
AC_CONFIG_FILES([
Makefile
version.h

View File

@ -21,7 +21,8 @@ xorriso_xorriso_CPPFLAGS = -I./libburn -I./libisofs -I./libisoburn -I./xorriso
# No readline in the vanilla version because the necessary headers
# are in a separate readline-development package.
xorriso_xorriso_CFLAGS = -DXorriso_standalonE -DXorriso_with_maiN \
$(READLINE_DEF) $(LIBACL_DEF) $(XATTR_DEF)
$(READLINE_DEF) $(LIBACL_DEF) $(XATTR_DEF) \
$(EXTF_DEF) $(EXTF_SUID_DEF)
xorriso_xorriso_LDADD = $(THREAD_LIBS) $(LIBBURN_ARCH_LIBS)

View File

@ -1 +1 @@
#define Xorriso_timestamP "2009.04.04.144009"
#define Xorriso_timestamP "2009.04.04.144241"