Merge pull request #6129 from kmk3/revert-lookup-xauth

Revert "Lookup xauth in PATH."
author: netblue30 <netblue30@protonmail.com> 2023-12-21 09:53:17 -0500
committer: GitHub <noreply@github.com> 2023-12-21 09:53:17 -0500
commit: f0be1a48bf75de45ffbf18df26855e874eb3e016 (patch)
tree: 2ca8dfb5b2e7ddf1c3d8f075910972be7812ad72
parent: Merge pull request #6128 from pirate486743186/master (diff)
parent: Revert "Lookup xauth in PATH." (diff)
download: firejail-f0be1a48bf75de45ffbf18df26855e874eb3e016.tar.gz
firejail-f0be1a48bf75de45ffbf18df26855e874eb3e016.tar.zst
firejail-f0be1a48bf75de45ffbf18df26855e874eb3e016.zip
2 files changed, 13 insertions, 23 deletions
diff --git a/src/firejail/fs_lib2.c b/src/firejail/fs_lib2.c
index b43c36c1a..583888e0e 100644
--- a/src/firejail/fs_lib2.c
+++ b/src/firejail/fs_lib2.c
@@ -166,12 +166,8 @@ void fslib_install_firejail(void) {
                fslib_mount_libs(RUN_MNT_DIR "/dhclient", 1); // parse as user
        // bring in xauth libraries
-        char *xauth_bin = find_in_path("xauth");
        if (arg_x11_xorg)
-                fslib_mount_libs(xauth_bin, 1); // parse as user
+                fslib_mount_libs("/usr/bin/xauth", 1); // parse as user
-        free(xauth_bin);
        fmessage("Firejail libraries installed in %0.2f ms\n", timetrace_end());
 }
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index 3721a2c2c..2eaa9bde5 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -1164,6 +1164,7 @@ void x11_start(int argc, char **argv) {
 }
 #endif
 void x11_xorg(void) {
 #ifdef HAVE_X11
@@ -1174,38 +1175,31 @@ void x11_xorg(void) {
                exit(1);
        }
-        char *xauth_bin = find_in_path("xauth");
        // check xauth utility is present in the system
-        if (!xauth_bin) {
+        struct stat s;
-                fprintf(stderr, "Error: xauth utility not found in PATH. Please install it:\n");
+        if (stat("/usr/bin/xauth", &s) == -1) {
+                fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n");
                fprintf(stderr, "   Debian/Ubuntu/Mint: sudo apt-get install xauth\n");
                fprintf(stderr, "   Arch: sudo pacman -S xorg-xauth\n");
                fprintf(stderr, "   Fedora: sudo dnf install xorg-x11-xauth\n");
                exit(1);
        }
-        struct stat s;
-        if (stat(xauth_bin, &s) == -1) {
-                fprintf(stderr, "Error: %s: %s\n", xauth_bin, strerror(errno));
-                exit(1);
-        }
        if ((s.st_uid != 0 && s.st_gid != 0) || (s.st_mode & S_IWOTH)) {
-                fprintf(stderr, "Error: invalid %s executable\n", xauth_bin);
+                fprintf(stderr, "Error: invalid /usr/bin/xauth executable\n");
                exit(1);
        }
        if (s.st_size > 1024 * 1024) {
-                fprintf(stderr, "Error: %s executable is too large\n", xauth_bin);
+                fprintf(stderr, "Error: /usr/bin/xauth executable is too large\n");
                exit(1);
        }
-        // copy xauth in the sandbox and set mode to 0711
+        // copy /usr/bin/xauth in the sandbox and set mode to 0711
        // users are not able to trace the running xauth this way
        if (arg_debug)
-                printf("Copying %s to %s\n", xauth_bin, RUN_XAUTH_FILE);
+                printf("Copying /usr/bin/xauth to %s\n", RUN_XAUTH_FILE);
+        if (copy_file("/usr/bin/xauth", RUN_XAUTH_FILE, 0, 0, 0711)) {
-        copy_file_from_user_to_root(xauth_bin, RUN_XAUTH_FILE, 0, 0, 0711);
+                fprintf(stderr, "Error: cannot copy /usr/bin/xauth executable\n");
+                exit(1);
-        free(xauth_bin);
+        }
        fmessage("Generating a new .Xauthority file\n");
        mkdir_attr(RUN_XAUTHORITY_SEC_DIR, 0700, getuid(), getgid());
author	netblue30 <netblue30@protonmail.com>	2023-12-21 09:53:17 -0500
committer	GitHub <noreply@github.com>	2023-12-21 09:53:17 -0500
commit	f0be1a48bf75de45ffbf18df26855e874eb3e016 (patch)
tree	2ca8dfb5b2e7ddf1c3d8f075910972be7812ad72
parent	Merge pull request #6128 from pirate486743186/master (diff)
parent	Revert "Lookup xauth in PATH." (diff)
download	firejail-f0be1a48bf75de45ffbf18df26855e874eb3e016.tar.gz firejail-f0be1a48bf75de45ffbf18df26855e874eb3e016.tar.zst firejail-f0be1a48bf75de45ffbf18df26855e874eb3e016.zip

diff --git a/src/firejail/fs_lib2.c b/src/firejail/fs_lib2.c index b43c36c1a..583888e0e 100644 --- a/src/firejail/fs_lib2.c +++ b/src/firejail/fs_lib2.c
@@ -166,12 +166,8 @@ void fslib_install_firejail(void) {
166	fslib_mount_libs(RUN_MNT_DIR "/dhclient", 1); // parse as user	166	fslib_mount_libs(RUN_MNT_DIR "/dhclient", 1); // parse as user
167		167
168	// bring in xauth libraries	168	// bring in xauth libraries
169
170	char *xauth_bin = find_in_path("xauth");
171	if (arg_x11_xorg)	169	if (arg_x11_xorg)
172	fslib_mount_libs(xauth_bin, 1); // parse as user	170	fslib_mount_libs("/usr/bin/xauth", 1); // parse as user
173
174	free(xauth_bin);
175		171
176	fmessage("Firejail libraries installed in %0.2f ms\n", timetrace_end());	172	fmessage("Firejail libraries installed in %0.2f ms\n", timetrace_end());
177	}	173	}


diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 3721a2c2c..2eaa9bde5 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c
@@ -1164,6 +1164,7 @@ void x11_start(int argc, char **argv) {
1164	}	1164	}
1165	#endif	1165	#endif
1166		1166
		1167
1167	void x11_xorg(void) {	1168	void x11_xorg(void) {
1168	#ifdef HAVE_X11	1169	#ifdef HAVE_X11
1169		1170
@@ -1174,38 +1175,31 @@ void x11_xorg(void) {
1174	exit(1);	1175	exit(1);
1175	}	1176	}
1176		1177
1177	char *xauth_bin = find_in_path("xauth");
1178
1179	// check xauth utility is present in the system	1178	// check xauth utility is present in the system
1180	if (!xauth_bin) {	1179	struct stat s;
1181	fprintf(stderr, "Error: xauth utility not found in PATH. Please install it:\n");	1180	if (stat("/usr/bin/xauth", &s) == -1) {
		1181	fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n");
1182	fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xauth\n");	1182	fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xauth\n");
1183	fprintf(stderr, " Arch: sudo pacman -S xorg-xauth\n");	1183	fprintf(stderr, " Arch: sudo pacman -S xorg-xauth\n");
1184	fprintf(stderr, " Fedora: sudo dnf install xorg-x11-xauth\n");	1184	fprintf(stderr, " Fedora: sudo dnf install xorg-x11-xauth\n");
1185	exit(1);	1185	exit(1);
1186	}	1186	}
1187
1188	struct stat s;
1189	if (stat(xauth_bin, &s) == -1) {
1190	fprintf(stderr, "Error: %s: %s\n", xauth_bin, strerror(errno));
1191	exit(1);
1192	}
1193	if ((s.st_uid != 0 && s.st_gid != 0) \|\| (s.st_mode & S_IWOTH)) {	1187	if ((s.st_uid != 0 && s.st_gid != 0) \|\| (s.st_mode & S_IWOTH)) {
1194	fprintf(stderr, "Error: invalid %s executable\n", xauth_bin);	1188	fprintf(stderr, "Error: invalid /usr/bin/xauth executable\n");
1195	exit(1);	1189	exit(1);
1196	}	1190	}
1197	if (s.st_size > 1024 * 1024) {	1191	if (s.st_size > 1024 * 1024) {
1198	fprintf(stderr, "Error: %s executable is too large\n", xauth_bin);	1192	fprintf(stderr, "Error: /usr/bin/xauth executable is too large\n");
1199	exit(1);	1193	exit(1);
1200	}	1194	}
1201	// copy xauth in the sandbox and set mode to 0711	1195	// copy /usr/bin/xauth in the sandbox and set mode to 0711
1202	// users are not able to trace the running xauth this way	1196	// users are not able to trace the running xauth this way
1203	if (arg_debug)	1197	if (arg_debug)
1204	printf("Copying %s to %s\n", xauth_bin, RUN_XAUTH_FILE);	1198	printf("Copying /usr/bin/xauth to %s\n", RUN_XAUTH_FILE);
1205		1199	if (copy_file("/usr/bin/xauth", RUN_XAUTH_FILE, 0, 0, 0711)) {
1206	copy_file_from_user_to_root(xauth_bin, RUN_XAUTH_FILE, 0, 0, 0711);	1200	fprintf(stderr, "Error: cannot copy /usr/bin/xauth executable\n");
1207		1201	exit(1);
1208	free(xauth_bin);	1202	}
1209		1203
1210	fmessage("Generating a new .Xauthority file\n");	1204	fmessage("Generating a new .Xauthority file\n");
1211	mkdir_attr(RUN_XAUTHORITY_SEC_DIR, 0700, getuid(), getgid());	1205	mkdir_attr(RUN_XAUTHORITY_SEC_DIR, 0700, getuid(), getgid());