author | netblue30 <netblue30@protonmail.com> | 2023-12-21 09:53:17 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-21 09:53:17 -0500 |
commit | f0be1a48bf75de45ffbf18df26855e874eb3e016 (patch) | |
tree | 2ca8dfb5b2e7ddf1c3d8f075910972be7812ad72 /src | |
parent | Merge pull request #6128 from pirate486743186/master (diff) | |
parent | Revert "Lookup xauth in PATH." (diff) | |
Merge pull request #6129 from kmk3/revert-lookup-xauth
Revert "Lookup xauth in PATH."
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_lib2.c | 6 | ||||
-rw-r--r-- | src/firejail/x11.c | 30 |
2 files changed, 13 insertions, 23 deletions
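--- a/src/firejail/fs_lib2.c
+++ b/src/firejail/fs_lib2.c
@@ -166,12 +166,8 @@ void fslib_install_firejail(void) {
 fslib_mount_libs(RUN_MNT_DIR "/dhclient", 1); // parse as user
 
 // bring in xauth libraries
-
-char *xauth_bin = find_in_path("xauth");
 if (arg_x11_xorg)
-fslib_mount_libs(xauth_bin, 1); // parse as user
-
-free(xauth_bin);
+fslib_mount_libs("/usr/bin/xauth", 1); // parse as user
 
 fmessage("Firejail libraries installed in %0.2f ms\n", timetrace_end());
 }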
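Review bot: The literal `/usr/bin/xauth` passed to `fslib_mount_libs` has no comment explaining why the path is fixed, and the same string is repeated in the `x11_xorg` checks in src/firejail/x11.c. The reverted code resolved the binary through PATH, which the invoking user controls, so I would add a comment such as `// fixed path on purpose: do not resolve xauth through the caller's PATH`. A single shared define for the path would also keep the library mount and the copied binary from drifting apart. There is no existence check at this call, so a system with xauth installed elsewhere hands it a missing path; how `fslib_mount_libs` treats that is not visible here. The body of `fslib_install_firejail` starts outside the hunk.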
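--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -1164,6 +1164,7 @@ void x11_start(int argc, char **argv) {
 }
 #endif
 
+
 void x11_xorg(void) {
 #ifdef HAVE_X11
 
@@ -1174,38 +1175,31 @@ void x11_xorg(void) {
 exit(1);
 }
 
-char *xauth_bin = find_in_path("xauth");
-
 // check xauth utility is present in the system
-if (!xauth_bin) {
-fprintf(stderr, "Error: xauth utility not found in PATH. Please install it:\n");
+struct stat s;
+if (stat("/usr/bin/xauth", &s) == -1) {
+fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n");
 fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xauth\n");
 fprintf(stderr, " Arch: sudo pacman -S xorg-xauth\n");
 fprintf(stderr, " Fedora: sudo dnf install xorg-x11-xauth\n");
 exit(1);
 }
-
-struct stat s;
-if (stat(xauth_bin, &s) == -1) {
-fprintf(stderr, "Error: %s: %s\n", xauth_bin, strerror(errno));
-exit(1);
-}
 if ((s.st_uid != 0 && s.st_gid != 0) || (s.st_mode & S_IWOTH)) {
-fprintf(stderr, "Error: invalid %s executable\n", xauth_bin);
+fprintf(stderr, "Error: invalid /usr/bin/xauth executable\n");
 exit(1);
 }
 if (s.st_size > 1024 * 1024) {
-fprintf(stderr, "Error: %s executable is too large\n", xauth_bin);
+fprintf(stderr, "Error: /usr/bin/xauth executable is too large\n");
 exit(1);
 }
-// copy xauth in the sandbox and set mode to 0711
+// copy /usr/bin/xauth in the sandbox and set mode to 0711
 // users are not able to trace the running xauth this way
 if (arg_debug)
-printf("Copying %s to %s\n", xauth_bin, RUN_XAUTH_FILE);
-
-copy_file_from_user_to_root(xauth_bin, RUN_XAUTH_FILE, 0, 0, 0711);
-
-free(xauth_bin);
+printf("Copying /usr/bin/xauth to %s\n", RUN_XAUTH_FILE);
+if (copy_file("/usr/bin/xauth", RUN_XAUTH_FILE, 0, 0, 0711)) {
+fprintf(stderr, "Error: cannot copy /usr/bin/xauth executable\n");
+exit(1);
+}
 
 fmessage("Generating a new .Xauthority file\n");
 mkdir_attr(RUN_XAUTHORITY_SEC_DIR, 0700, getuid(), getgid());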
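Review bot: The ownership test on `/usr/bin/xauth` in the second hunk is weaker than it should be for a binary that is then copied to `RUN_XAUTH_FILE` as 0:0 with mode 0711. `(s.st_uid != 0 && s.st_gid != 0)` accepts a file owned by an unprivileged user as long as its group is 0, group-write is not checked, and nothing confirms a regular file. I would tighten it to `if (!S_ISREG(s.st_mode) || s.st_uid != 0 || (s.st_mode & (S_IWGRP | S_IWOTH))) {`, after confirming that no supported distribution ships xauth with a non-root owner. The condition is carried over as context rather than introduced by this commit. Separately, the new `stat` branch reports every failure as "not found", dropping the `strerror(errno)` detail the removed code printed; `x11_xorg` starts and ends outside the hunk.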