From 2139913694a9850c9160920b2c638aac4828f9bb Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Sun, 17 Oct 2021 00:56:23 +0200
Subject: main: _exit() if setuid

Apparently some people think its a good idea to make nft setuid so
unrivilged users can change settings.

"nft -f /etc/shadow" is just one example of why this is a bad idea.
Disable this.  Do not print anything, fd cannot be trusted.

This change intentionally doesn't affect libnftables, on the off-chance
that somebody creates an suid program and knows what they're doing.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 src/main.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main.c b/src/main.c
index 21096fc7..5847fc4a 100644
--- a/src/main.c
+++ b/src/main.c
@@ -363,6 +363,10 @@ int main(int argc, char * const *argv)
 	unsigned int len;
 	int i, val, rc;
 
+	/* nftables cannot be used with setuid in a safe way. */
+	if (getuid() != geteuid())
+		_exit(111);
+
 	if (!nft_options_check(argc, argv))
 		exit(EXIT_FAILURE);
 
-- 
cgit v1.2.3