diff options
| author | Florian Westphal <fw@strlen.de> | 2022-06-17 23:34:52 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2022-06-17 23:35:32 +0200 |
| commit | 15a31ba8e8e146a5dafce59160b2eeefb00bccca (patch) | |
| tree | a036d182a70d70271c6758dd37e6c5571dfd99ad | |
| parent | e81eea1be636b7ec0bc4091da483c08c0f6a016e (diff) | |
iptables.8: mention that iptables exits when setuid
Signed-off-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | iptables/iptables.8.in | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/iptables/iptables.8.in b/iptables/iptables.8.in index 627ff0e4..f81c632f 100644 --- a/iptables/iptables.8.in +++ b/iptables/iptables.8.in @@ -417,6 +417,11 @@ other errors cause an exit code of 1. .SH BUGS Bugs? What's this? ;-) Well, you might want to have a look at http://bugzilla.netfilter.org/ +\fBiptables\fP will exit immediately with an error code of 111 if it finds +that it was called as a setuid-to-root program. +iptables cannot be used safely in this manner because it trusts +the shared libraries (matches, targets) loaded at run time, the search +path can be set using environment variables. .SH COMPATIBILITY WITH IPCHAINS This \fBiptables\fP is very similar to ipchains by Rusty Russell. The main difference is |