diff -uP blackbox-0.61.1-orig/src/Makefile.am blackbox-0.61.1/src/Makefile.am --- blackbox-0.61.1-orig/src/Makefile.am Wed Jul 26 07:55:14 2000 +++ blackbox-0.61.1/src/Makefile.am Fri Mar 2 18:04:39 2001 @@ -21,12 +21,15 @@ DEFAULT_MENU=$(pkgdatadir)/menu DEFAULT_STYLE=$(pkgdatadir)/styles/Results +# 02/Mar/2001 reed +DEFAULT_ROOTCOMMANDAPP="bsetbg -full" CPPFLAGS= @CPPFLAGS@ @SHAPE@ @SLIT@ @INTERLACE@ @ORDEREDPSEUDO@ \ @DEBUG@ @NEWWMSPEC@ @NLS@ @TIMEDCACHE@ \ -DLOCALEPATH=\"$(pkgdatadir)/nls\" \ -DDEFAULTMENU=\"$(DEFAULT_MENU)\" \ -DDEFAULTSTYLE=\"$(DEFAULT_STYLE)\" +-DDEFAULTROOTCOMMANDAPP=\"$(DEFAULT_ROOTCOMMANDAPP)\" bin_PROGRAMS= blackbox diff -uP blackbox-0.61.1-orig/src/Makefile.in blackbox-0.61.1/src/Makefile.in --- blackbox-0.61.1-orig/src/Makefile.in Sun Oct 8 21:16:58 2000 +++ blackbox-0.61.1/src/Makefile.in Fri Mar 2 18:04:55 2001 @@ -97,8 +97,10 @@ DEFAULT_MENU = $(pkgdatadir)/menu DEFAULT_STYLE = $(pkgdatadir)/styles/Results +# 02/Mar/2001 reed +DEFAULT_ROOTCOMMANDAPP = "bsetbg -full" -CPPFLAGS = @CPPFLAGS@ @SHAPE@ @SLIT@ @INTERLACE@ @ORDEREDPSEUDO@ @DEBUG@ @NEWWMSPEC@ @NLS@ @TIMEDCACHE@ -DLOCALEPATH=\"$(pkgdatadir)/nls\" -DDEFAULTMENU=\"$(DEFAULT_MENU)\" -DDEFAULTSTYLE=\"$(DEFAULT_STYLE)\" +CPPFLAGS = @CPPFLAGS@ @SHAPE@ @SLIT@ @INTERLACE@ @ORDEREDPSEUDO@ @DEBUG@ @NEWWMSPEC@ @NLS@ @TIMEDCACHE@ -DLOCALEPATH=\"$(pkgdatadir)/nls\" -DDEFAULTMENU=\"$(DEFAULT_MENU)\" -DDEFAULTSTYLE=\"$(DEFAULT_STYLE)\" -DDEFAULTROOTCOMMANDAPP=\"$(DEFAULT_ROOTCOMMANDAPP)\" bin_PROGRAMS = blackbox diff -uP blackbox-0.61.1-orig/src/Screen.cc blackbox-0.61.1/src/Screen.cc --- blackbox-0.61.1-orig/src/Screen.cc Thu Oct 5 19:01:12 2000 +++ blackbox-0.61.1/src/Screen.cc Fri Mar 2 18:04:17 2001 @@ -1337,9 +1337,47 @@ } else resource.frame_width = resource.bevel_width; +// 02/Mar/2001 reed - rootImage defines an image filename if (XrmGetResource(resource.stylerc, + "rootImage", + "RootImage", &value_type, &value)) { + char displaystring[MAXPATHLEN]; + int okay; +// 02/Mar/2001 reed - this is wrong, imagecommand will hold +// the command to run and the filename + char imagecommand[MAXPATHLEN]; + +// before doing anything with this filename, make sure it is safe + + okay = 1; + if (strchr(value.addr, '`')) okay = 0; + else if (strchr(value.addr, '|')) okay = 0; + else if (strchr(value.addr, ';')) okay = 0; +// maybe it should check for others? + + if (okay) { + sprintf(displaystring, "DISPLAY=%s", + DisplayString(getBaseDisplay()->getXDisplay())); + sprintf(displaystring + strlen(displaystring) - 1, "%d", + getScreenNumber()); +// 02/Mar/2001 reed - bsetbg should be the default, but not hardcoded here + snprintf(imagecommand, MAXPATHLEN, "%s %s", + blackbox->getRootCommandApp(), value.addr); +#ifndef __EMX__ + bexec(imagecommand, displaystring); +#else // __EMX__ + spawnlp(P_NOWAIT, "cmd.exe", "cmd.exe", "/c", imagecommand, NULL); +#endif // !__EMX__ + } +// else maybe this should log about the problem + } + +// Even if RootImage is used above, the root image may be changed here + + if ((XrmGetResource(resource.stylerc, "rootCommand", - "RootCommand", &value_type, &value)) { + "RootCommand", &value_type, &value)) && + (blackbox->getAllowRootCommand())) { #ifndef __EMX__ char displaystring[MAXPATHLEN]; sprintf(displaystring, "DISPLAY=%s", diff -uP blackbox-0.61.1-orig/src/blackbox.cc blackbox-0.61.1/src/blackbox.cc --- blackbox-0.61.1-orig/src/blackbox.cc Sat Jun 24 22:56:48 2000 +++ blackbox-0.61.1/src/blackbox.cc Fri Mar 2 18:03:58 2001 @@ -1022,6 +1022,15 @@ sprintf(rc_string, "session.menuFile: %s", resource.menu_file); XrmPutLineResource(&new_blackboxrc, rc_string); +// 02/Mar/2001 reed + sprintf(rc_string, "allowRootCommand: %s", + ((resource.allow_root_command ? "True" : "False"))); + XrmPutLineResource(&new_blackboxrc, rc_string); + +// 02/Mar/2001 reed + sprintf(rc_string, "rootCommandApp: %s", resource.root_command_app); + XrmPutLineResource(&new_blackboxrc, rc_string); + sprintf(rc_string, "session.colorsPerChannel: %d", resource.colors_per_channel); XrmPutLineResource(&new_blackboxrc, rc_string); @@ -1262,6 +1271,25 @@ resource.menu_file = bstrdup(value.addr); else resource.menu_file = bstrdup(DEFAULTMENU); + +// 02/Mar/2001 reed - menu's rootCommand can be disabled +// Allow execution of a style's possibly malicious rootCommand? + if (XrmGetResource(database, "allowRootCommand", "AllowRootCommand", + &value_type, &value)) { + if (! strncasecmp("true", value.addr, value.size)) + resource.allow_root_command = True; + else + resource.allow_root_command = False; + } else + // This is the default -- a style's rootCommand is enabled + resource.allow_root_command = True; + +// 02/Mar/2001 reed - choose the root image application + if (XrmGetResource(database, "rootCommandApp", "RootCommandApp", + &value_type, &value)) + resource.root_command_app = bstrdup(value.addr); + else + resource.root_command_app = bstrdup(DEFAULTROOTCOMMANDAPP); if (XrmGetResource(database, "session.colorsPerChannel", "Session.ColorsPerChannel", &value_type, &value)) { diff -uP blackbox-0.61.1-orig/src/blackbox.hh blackbox-0.61.1/src/blackbox.hh --- blackbox-0.61.1-orig/src/blackbox.hh Wed May 31 15:42:49 2000 +++ blackbox-0.61.1/src/blackbox.hh Fri Mar 2 16:57:55 2001 @@ -80,6 +80,10 @@ Time double_click_interval; char *menu_file, *style_file; +// 02/Mar/2001 reed + Bool allow_root_command; +// 02/Mar/2001 reed + char *root_command_app; int colors_per_channel; timeval auto_raise_delay; unsigned long cache_life, cache_max; @@ -151,6 +155,14 @@ { return resource.style_file; } inline const char *getMenuFilename(void) const { return resource.menu_file; } + +// 02/Mar/2001 reed + inline const Bool getAllowRootCommand(void) const + { return resource.allow_root_command; } + +// 02/Mar/2001 reed + inline const char *getRootCommandApp(void) const + { return resource.root_command_app; } inline const int &getColorsPerChannel(void) const { return resource.colors_per_channel; }