From 78e1f39a21c3c71120f0dcb3d9d2959b9227c222 Mon Sep 17 00:00:00 2001
From: Eoin Clerkin <e.clerkin@gsi.de>
Date: Thu, 30 Nov 2023 14:09:56 +0100
Subject: [PATCH] Set webgui browser off by default

via alias. Addresses recent cern root issue, See SWM 20231130
---
 cmake/scripts/config.sh.in | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cmake/scripts/config.sh.in b/cmake/scripts/config.sh.in
index 3508ff3e42..2ad66a08b7 100644
--- a/cmake/scripts/config.sh.in
+++ b/cmake/scripts/config.sh.in
@@ -58,5 +58,11 @@ if [ $same_system -eq 1 ]; then
                         export PATH=$PATH:"@MY_PATH@"
 			;;
 	esac
+
+        echo "default root version is "`which root`
+        alias root='root --web=off'
+        alias
+        echo "root web-gui turned off by default via an alias. See security issue https://root.cern/about/security/#2023-11-26-open-port-for-control-of-web-gui-allows-read-and-write-access-to-file-system"
+
  	echo "Configured CBMROOT build @CBMROOT_BUILD_HASH@ (@CBMROOT_BUILD_HASH_DATE@)"
 fi
-- 
GitLab