Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xauth command is hardcoded to /usr/bin/xauth #6006

Open
1 task done
hashelq opened this issue Sep 15, 2023 · 1 comment · Fixed by #6087
Open
1 task done

xauth command is hardcoded to /usr/bin/xauth #6006

hashelq opened this issue Sep 15, 2023 · 1 comment · Fixed by #6087

Comments

@hashelq
Copy link

hashelq commented Sep 15, 2023
edited by glitsj16
Loading

Description

firejail/src/firejail/x11.c

Lines 1180 to 1186 in eb5c971

if (stat("/usr/bin/xauth", &s) == -1) {
fprintf(stderr, "Error: xauth utility not found in /usr/bin. Please install it:\n");
fprintf(stderr, " Debian/Ubuntu/Mint: sudo apt-get install xauth\n");
fprintf(stderr, " Arch: sudo pacman -S xorg-xauth\n");
fprintf(stderr, " Fedora: sudo dnf install xorg-x11-xauth\n");
exit(1);
}

Expected behavior

To find the executable in the path, or, at least, have an option to override the path to the binary.

Actual behavior

unix-way

Additional context

Despite the fact in most environments you can find binaries in /usr/bin, there are cases in which you cannot, like in NixOS, containers, small os images, etc.

Environment

NixOS (/usr/bin, as well as /bin are not used for apps like xauth)

Checklist

  • I have performed a short search for similar issues (to avoid opening a duplicate).
@glitsj16
Copy link
Collaborator

glitsj16 commented Sep 16, 2023
edited
Loading

Thank you for reporting this. Similar hardcoded reference to /usr/bin/xauth:

firejail/src/firejail/fs_lib2.c

Lines 168 to 170 in eb5c971

// bring in xauth libraries
if (arg_x11_xorg)
fslib_mount_libs("/usr/bin/xauth", 1); // parse as user

@netblue30 @smitsohu Can you have a look at this please?

@glitsj16 glitsj16 added the bug Something isn't working label Sep 16, 2023
chestnykh added a commit to chestnykh/firejail that referenced this issue Nov 13, 2023
@chestnykh
Lookup xauth in PATH.
a8d52a9 
Don't use hardcoded `/usr/bin/xauth`,
iterate over directories inside PATH instead.

This fixes netblue30#6006
@chestnykh chestnykh mentioned this issue Nov 13, 2023
Merged
chestnykh added a commit to chestnykh/firejail that referenced this issue Nov 13, 2023
@chestnykh
Lookup xauth in PATH.
3768d91 
Don't use hardcoded `/usr/bin/xauth`,
iterate over directories inside PATH instead.

This fixes netblue30#6006
chestnykh added a commit to chestnykh/firejail that referenced this issue Nov 17, 2023
@chestnykh
Lookup xauth in PATH.
e2483cb 
Don't use hardcoded `/usr/bin/xauth`,
iterate over directories inside PATH instead.

This fixes netblue30#6006
chestnykh added a commit to chestnykh/firejail that referenced this issue Nov 19, 2023
@chestnykh
Lookup xauth in PATH.
407c05e 
Don't use hardcoded `/usr/bin/xauth`,
iterate over directories inside PATH instead.

This fixes netblue30#6006
kmk3 added a commit that referenced this issue Nov 27, 2023
@kmk3
RELNOTES: add modif, bugfix, build and contrib items
8f55f6c 
Relates to #5982 #6006 #6057 #6059 #6070 #6086 #6087.
@kmk3 kmk3 removed the bug Something isn't working label Nov 27, 2023
kmk3 added a commit to kmk3/firejail that referenced this issue Dec 14, 2023
@kmk3
Revert "Lookup xauth in PATH."
8f33e72 
This reverts commit 407c05e.

If --private-lib is used (and firejail is configured with
--enable-private-lib), the following error occurs:

    $ firejail --quiet --noprofile --private-lib true
    firejail: fs_lib.c:56: find_in_path: Assertion `geteuid() != 0' failed.
    Error: proc 10000 cannot sync with peer: unexpected EOF
    Peer 10001 unexpectedly killed (Segmentation fault)

Given that it causes an uid assertion failure, the logic appears to not
be correct and the current behavior may be unsafe, so for now revert
that commit until the issue is properly addressed.

Relates to netblue30#6006 netblue30#6087.

Fixes netblue30#6113.
@kmk3 kmk3 mentioned this issue Dec 14, 2023
Merged
kmk3 added a commit that referenced this issue Jan 3, 2024
@kmk3
RELNOTES: remove xauth modif item
07084fa 
Reverted by commit 8f33e72 ("Revert "Lookup xauth in PATH."",
2023-12-13) / PR #6129.

Relates to #6006 #6087.
@kmk3 kmk3 reopened this Jan 4, 2024
@github-project-automation github-project-automation bot moved this to Reverted (RELNOTES N/A) in Release 0.9.74 Aug 28, 2024
@kmk3 kmk3 changed the title Xauth binary is hardcoded to /usr/bin/xauth xauth command is hardcoded to /usr/bin/xauth Sep 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Release 0.9.74
Status: Reverted (RELNOTES N/A)
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

modif: lookup xauth in PATH chestnykh/firejail
3 participants
@glitsj16 @kmk3 @hashelq