diff options
-rw-r--r-- | src/firejail/x11.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 0927593b0..e707ab8bd 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -1238,6 +1238,20 @@ void x11_xorg(void) { | |||
1238 | errLogExit("invalid .Xauthority mount"); | 1238 | errLogExit("invalid .Xauthority mount"); |
1239 | 1239 | ||
1240 | ASSERT_PERMS(dest, getuid(), getgid(), 0600); | 1240 | ASSERT_PERMS(dest, getuid(), getgid(), 0600); |
1241 | |||
1242 | // blacklist .Xauthority file if it is not masked already | ||
1243 | char *envar = getenv("XAUTHORITY"); | ||
1244 | if (envar) { | ||
1245 | char *rp = realpath(envar, NULL); | ||
1246 | if (rp) { | ||
1247 | if (strcmp(rp, dest) != 0) | ||
1248 | disable_file_or_dir(rp); | ||
1249 | free(rp); | ||
1250 | } | ||
1251 | // update environment variable, so our new .Xauthority file is used | ||
1252 | if (setenv("XAUTHORITY", dest, 1) < 0) | ||
1253 | errExit("setenv"); | ||
1254 | } | ||
1241 | free(dest); | 1255 | free(dest); |
1242 | #endif | 1256 | #endif |
1243 | } | 1257 | } |