From 407c05ebefe23e725f858b6170b3e52659e044a2 Mon Sep 17 00:00:00 2001
From: Dmitry Chestnykh <dm.chestnykh@gmail.com>
Date: Mon, 13 Nov 2023 15:13:47 +0300
Subject: Lookup xauth in PATH.

Don't use hardcoded `/usr/bin/xauth`,
iterate over directories inside PATH instead.

This fixes https://github.com/netblue30/firejail/issues/6006
---
 src/firejail/fs_lib2.c |  6 +++++-
 src/firejail/x11.c     | 30 ++++++++++++++++++------------
 2 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/src/firejail/fs_lib2.c b/src/firejail/fs_lib2.c
index 583888e0e..b43c36c1a 100644
--- a/src/firejail/fs_lib2.c
+++ b/src/firejail/fs_lib2.c
@@ -166,8 +166,12 @@ void fslib_install_firejail(void) {
 		fslib_mount_libs(RUN_MNT_DIR "/dhclient", 1); // parse as user
 
 	// bring in xauth libraries
+
+	char *xauth_bin = find_in_path("xauth");
 	if (arg_x11_xorg)
-		fslib_mount_libs("/usr/bin/xauth", 1); // parse as user
+		fslib_mount_libs(xauth_bin, 1); // parse as user
+
+	free(xauth_bin);
 
 	fmessage("Firejail libraries installed in %0.2f ms\n", timetrace_end());
 }
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index 2eaa9bde5..3721a2c2c 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -1164,7 +1164,6 @@ void x11_start(int argc, char **argv) {
 }
 #endif
 
-
 void x11_xorg(void) {
 #ifdef HAVE_X11
 
@@ -1175,31 +1174,38 @@ void x11_xorg(void) {
 		exit(1);
 	}
 
+	char *xauth_bin = find_in_path("xauth");
+
 	// check xauth utility is present in the system
-	struct stat s;
-	if (stat("/usr/bin/xauth", &s) == -1) {
-		fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n");
+	if (!xauth_bin) {
+		fprintf(stderr, "Error: xauth utility not found in PATH. Please install it:\n");
 		fprintf(stderr, "   Debian/Ubuntu/Mint: sudo apt-get install xauth\n");
 		fprintf(stderr, "   Arch: sudo pacman -S xorg-xauth\n");
 		fprintf(stderr, "   Fedora: sudo dnf install xorg-x11-xauth\n");
 		exit(1);
 	}
+
+	struct stat s;
+	if (stat(xauth_bin, &s) == -1) {
+		fprintf(stderr, "Error: %s: %s\n", xauth_bin, strerror(errno));
+		exit(1);
+	}
 	if ((s.st_uid != 0 && s.st_gid != 0) || (s.st_mode & S_IWOTH)) {
-		fprintf(stderr, "Error: invalid /usr/bin/xauth executable\n");
+		fprintf(stderr, "Error: invalid %s executable\n", xauth_bin);
 		exit(1);
 	}
 	if (s.st_size > 1024 * 1024) {
-		fprintf(stderr, "Error: /usr/bin/xauth executable is too large\n");
+		fprintf(stderr, "Error: %s executable is too large\n", xauth_bin);
 		exit(1);
 	}
-	// copy /usr/bin/xauth in the sandbox and set mode to 0711
+	// copy xauth in the sandbox and set mode to 0711
 	// users are not able to trace the running xauth this way
 	if (arg_debug)
-		printf("Copying /usr/bin/xauth to %s\n", RUN_XAUTH_FILE);
-	if (copy_file("/usr/bin/xauth", RUN_XAUTH_FILE, 0, 0, 0711)) {
-		fprintf(stderr, "Error: cannot copy /usr/bin/xauth executable\n");
-		exit(1);
-	}
+		printf("Copying %s to %s\n", xauth_bin, RUN_XAUTH_FILE);
+
+	copy_file_from_user_to_root(xauth_bin, RUN_XAUTH_FILE, 0, 0, 0711);
+
+	free(xauth_bin);
 
 	fmessage("Generating a new .Xauthority file\n");
 	mkdir_attr(RUN_XAUTHORITY_SEC_DIR, 0700, getuid(), getgid());
-- 
cgit v1.2.3-54-g00ecf