[GH-ISSUE #6113] firejail: fs_lib.c:56: find_in_path: Assertion \`geteuid() != 0' failed

gitea-mirror commented

2026-05-05 09:48:17 -06:00

Owner

Originally created by @ghost on GitHub (Nov 30, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6113

Several apps show breakage when running via firejail from git master. Here's an example using gsettings, but I've seen the same bug on several other profiles. Bisecting points to 407c05ebef.

$ firejail --quiet /usr/bin/gsettings get org.gnome.shell disable-user-extensions
firejail: fs_lib.c:56: find_in_path: Assertion \`geteuid() != 0' failed
Error: proc 64096 cannot sync with peer: unexpected EOF
Peer 64097 unexpectedly killed (Segmentation fault)

All's well again when I build firejail while reverting this commit:

$ firejail --quiet /usr/bin/gsettings get org.gnome.shell disable-user-extensions
false

Can anyone reproduce?

Originally created by @ghost on GitHub (Nov 30, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/6113 Several apps show breakage when running via firejail from git master. Here's an example using gsettings, but I've seen the same bug on several other profiles. Bisecting points to https://github.com/netblue30/firejail/commit/407c05ebefe23e725f858b6170b3e52659e044a2. ```sh $ firejail --quiet /usr/bin/gsettings get org.gnome.shell disable-user-extensions firejail: fs_lib.c:56: find_in_path: Assertion \`geteuid() != 0' failed Error: proc 64096 cannot sync with peer: unexpected EOF Peer 64097 unexpectedly killed (Segmentation fault) ``` All's well again when I build firejail while reverting this commit: ```sh $ firejail --quiet /usr/bin/gsettings get org.gnome.shell disable-user-extensions false ``` Can anyone reproduce?

gitea-mirror

2026-05-05 09:48:17 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 09:48:20 -06:00

Author

Owner

@kmk3 commented on GitHub (Nov 30, 2023):

Several apps show breakage when running via firejail from git master. Here's
an example using gsettings, but I've seen the same bug on several other
profiles. Bisecting points to
407c05e.
$ firejail --quiet /usr/bin/gsettings get org.gnome.shell disable-user-extensions
firejail: fs_lib.c:56: find_in_path: Assertion \`geteuid() != 0' failed
Error: proc 64096 cannot sync with peer: unexpected EOF
Peer 64097 unexpectedly killed (Segmentation fault)

Can anyone reproduce?

Cannot reproduce on 8f55f6c9a:

$ firejail --quiet /usr/bin/gsettings get org.gnome.shell disable-user-extensions
No such schema “org.gnome.shell”
$ firejail --quiet /usr/bin/gsettings --version
2.78.1

Does it still happen when ignoring all .local files?

@kmk3 commented on GitHub (Nov 30, 2023): > Several apps show breakage when running via firejail from git master. Here's > an example using gsettings, but I've seen the same bug on several other > profiles. Bisecting points to > [407c05e](https://github.com/netblue30/firejail/commit/407c05ebefe23e725f858b6170b3e52659e044a2). > > ```shell > $ firejail --quiet /usr/bin/gsettings get org.gnome.shell disable-user-extensions > firejail: fs_lib.c:56: find_in_path: Assertion \`geteuid() != 0' failed > Error: proc 64096 cannot sync with peer: unexpected EOF > Peer 64097 unexpectedly killed (Segmentation fault) > ``` > Can anyone reproduce? Cannot reproduce on 8f55f6c9a: ```console $ firejail --quiet /usr/bin/gsettings get org.gnome.shell disable-user-extensions No such schema “org.gnome.shell” $ firejail --quiet /usr/bin/gsettings --version 2.78.1 ``` Does it still happen when ignoring all .local files?

gitea-mirror commented

2026-05-05 09:48:21 -06:00

Author

Owner

@rusty-snake commented on GitHub (Nov 30, 2023):

We have private-lib disabled by default, correct?

@rusty-snake commented on GitHub (Nov 30, 2023): We have private-lib disabled by default, correct?

gitea-mirror commented

2026-05-05 09:48:22 -06:00

Author

Owner

@ghost commented on GitHub (Dec 1, 2023):

We have private-lib disabled by default, correct?

That's it, nice catch! I do enable private-lib in firejail.config. When I disable it, things no longer break with 407c05ebef.

Even though I have a workaround now, it doesn't make much sense to allow users to override defaults (e.g. enabling private-lib) and subsequently break that. Slightly preoccupied with hardware changes right now, but I'll dig through the code and the xauth commit again later on. Would be nice if it could be implemented without breaking anything. @chestnykh Any ideas on how to avoid this?

@ghost commented on GitHub (Dec 1, 2023): > We have private-lib disabled by default, correct? That's it, nice catch! I do enable `private-lib` in firejail.config. When I disable it, things no longer break with https://github.com/netblue30/firejail/commit/407c05ebefe23e725f858b6170b3e52659e044a2. Even though I have a workaround now, it doesn't make much sense to allow users to override defaults (e.g. enabling private-lib) and subsequently break that. Slightly preoccupied with hardware changes right now, but I'll dig through the code and the xauth commit again later on. Would be nice if it could be implemented without breaking anything. @chestnykh Any ideas on how to avoid this?

gitea-mirror commented

2026-05-05 09:48:23 -06:00

Author

Owner

@chestnykh commented on GitHub (Dec 4, 2023):

Should we perform the geteuid() != 0 check inside find_in_path? Why it is needed inside this function?

@chestnykh commented on GitHub (Dec 4, 2023): Should we perform the `geteuid() != 0` check inside `find_in_path`? Why it is needed inside this function?

gitea-mirror commented

2026-05-05 09:48:25 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 4, 2023):

Because search in path with elevated privileges would be a security vulnerability (information leak).

If you code in a suid binary you always have to ask your self "what evil could be done with it?". Even if it is a dead simple function like find_in_path or file_exists, ....

@rusty-snake commented on GitHub (Dec 4, 2023): Because search in path with elevated privileges would be a security vulnerability (information leak). If you code in a suid binary you always have to ask your self "what evil could be done with it?". Even if it is a dead simple function like find_in_path or file_exists, ....

gitea-mirror commented

2026-05-05 09:48:26 -06:00

Author

Owner

@ghost commented on GitHub (Dec 5, 2023):

I have a patch that performs search in path with EUID_USER() instead of EUID_ASSERT() when private-lib is enabled:

$ cat 6113-bugfix.patch

--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -53,7 +53,11 @@
 }

 char *find_in_path(const char *program) {
+#ifdef HAVE_PRIVATE_LIB
+	EUID_USER();
+#else
 	EUID_ASSERT();
+#endif
 	if (arg_debug)
 		printf("Searching $PATH for %s\n", program);

@@ -78,6 +82,9 @@
 			free(dup);
 			return fname;
 		}
+#ifdef HAVE_PRIVATE_LIB
+	EUID_ROOT();
+#endif

 		free(fname);
 		tok = strtok(NULL, ":");

BIG DISCLAIMER: is it safe/wise to implement it like this?

@ghost commented on GitHub (Dec 5, 2023): I have a patch that performs search in path with EUID_USER() instead of EUID_ASSERT() when private-lib is enabled: ```sh $ cat 6113-bugfix.patch --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c @@ -53,7 +53,11 @@ } char *find_in_path(const char *program) { +#ifdef HAVE_PRIVATE_LIB + EUID_USER(); +#else EUID_ASSERT(); +#endif if (arg_debug) printf("Searching $PATH for %s\n", program); @@ -78,6 +82,9 @@ free(dup); return fname; } +#ifdef HAVE_PRIVATE_LIB + EUID_ROOT(); +#endif free(fname); tok = strtok(NULL, ":"); ``` BIG DISCLAIMER: is it safe/wise to implement it like this?

gitea-mirror commented

2026-05-05 09:48:27 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 5, 2023):

We disable private-lib via firejail.global by default, we don't?

@rusty-snake commented on GitHub (Dec 5, 2023): We disable private-lib via firejail.global by default, we don't?

gitea-mirror commented

2026-05-05 09:48:28 -06:00

Author

Owner

@ghost commented on GitHub (Dec 5, 2023):

We disable private-lib via firejail.global by default, we don't?

@rusty-snake Correct, we do so via firejail.config yes:

aa87789ad3/etc/firejail.config (L101-L102)

Personally I do enable it there, and during ./configure obviously. If that's a valid use case, we should fix the xauth commit IMO. You asked this before in this thread. Can you elaborate please?

@ghost commented on GitHub (Dec 5, 2023): > We disable private-lib via firejail.global by default, we don't? @rusty-snake Correct, we do so via firejail.config yes: https://github.com/netblue30/firejail/blob/aa87789ad38e9017908fd1cfae6cc79c8db59eb7/etc/firejail.config#L101-L102 Personally I do enable it there, and during ./configure obviously. If that's a valid use case, we should fix the xauth commit IMO. You asked this before in this thread. Can you elaborate please?

gitea-mirror referenced this issue

2026-05-05 10:24:35 -06:00

[PR #3186] [MERGED] blacklist gjs in disable-interpreters #4679

Rows
Columns

[GH-ISSUE #6113] firejail: fs_lib.c:56: find_in_path: Assertion \`geteuid() != 0' failed #3186