author | Florian Westphal <fw@strlen.de> | 2021-07-19 16:35:09 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2021-08-04 17:56:40 +0200 |
commit | ef7781eb1437a2d6fd37eb3567c599e3ea682b96 (patch) | |
tree | 073fbf51c29b5115256e235b6508a8ae414f50b7 | |
parent | 8629c53f933a16f1d68d19fb163c879453a3dcf2 (diff) |
libxtables: exit if called by setuid executable

iptables (legacy or nft, doesn't matter) cannot be safely used with
setuid binaries.

Add a safety check for this.

Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | libxtables/xtables.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libxtables/xtables.c b/libxtables/xtables.c index 9fff1e0d..b261e97b 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -245,6 +245,10 @@ static void dlreg_free(void) void xtables_init(void) { + /* xtables cannot be used with setuid in a safe way. */ + if (getuid() != geteuid()) + _exit(111); + xtables_libdir = getenv("XTABLES_LIBDIR"); if (xtables_libdir != NULL) return; |
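Review bot: the check added at the top of xtables_init() compares only getuid() with geteuid(), so a set-group-ID binary (getgid() != getegid()) still reaches the getenv("XTABLES_LIBDIR") lookup directly below it. Consider comparing the group IDs as well, or testing getauxval(AT_SECURE) on Linux, which the kernel sets for both set-user-ID and set-group-ID execution. Separately, `_exit(111)` terminates with no message and the value 111 is not explained anywhere in the hunk; extending the comment to document the exit code, or writing a short line to stderr before exiting, would make the failure diagnosable for whoever hits it.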