| author | Florian Westphal <fw@strlen.de> | 2021-07-19 16:35:09 +0200 | 
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2021-08-04 17:56:40 +0200 | 
| commit | ef7781eb1437a2d6fd37eb3567c599e3ea682b96 (patch) | |
| tree | 073fbf51c29b5115256e235b6508a8ae414f50b7 /libxtables | |
| parent | 8629c53f933a16f1d68d19fb163c879453a3dcf2 (diff) | |
libxtables: exit if called by setuid executable
iptables (legacy or nft, doesn't matter) cannot be safely used with
setuid binaries.
Add a safety check for this.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'libxtables')
| -rw-r--r-- | libxtables/xtables.c | 4 | 
1 files changed, 4 insertions, 0 deletions
| diff --git a/libxtables/xtables.c b/libxtables/xtables.c index 9fff1e0d..b261e97b 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -245,6 +245,10 @@ static void dlreg_free(void)  void xtables_init(void)  { +	/* xtables cannot be used with setuid in a safe way. */ +	if (getuid() != geteuid()) +		_exit(111); +  	xtables_libdir = getenv("XTABLES_LIBDIR");  	if (xtables_libdir != NULL)  		return; | 
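Review bot: the new check at the top of xtables_init() compares only getuid() with geteuid(), so a setgid caller, or a binary carrying file capabilities, still passes it and goes on to the getenv("XTABLES_LIBDIR") lookup immediately below. Consider also testing getgid() != getegid(), or on Linux using getauxval(AT_SECURE), which is set for setuid, setgid and file-capability execution alike. Separately, _exit(111) terminates with no diagnostic and the value 111 is not explained in the comment; a one-line message on stderr before exiting, or a note on why 111 was chosen, would make this failure much easier to trace for whoever hits it.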
