libxtables: exit if called by setuid executeable

iptables (legacy or nft, doesn't matter) cannot be safely used with setuid binaries. Add a safety check for this. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2021-07-19 16:35:09 +0200
committer: Florian Westphal <fw@strlen.de> 2021-08-04 17:56:40 +0200
commit: ef7781eb1437a2d6fd37eb3567c599e3ea682b96 (patch)
tree: 073fbf51c29b5115256e235b6508a8ae414f50b7 /libxtables/xtables.c
parent: 8629c53f933a16f1d68d19fb163c879453a3dcf2 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 9fff1e0d..b261e97b 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -245,6 +245,10 @@ static void dlreg_free(void)
 
 void xtables_init(void)
 {
+	/* xtables cannot be used with setuid in a safe way. */
+	if (getuid() != geteuid())
+		_exit(111);
+
 	xtables_libdir = getenv("XTABLES_LIBDIR");
 	if (xtables_libdir != NULL)
 		return;
author	Florian Westphal <fw@strlen.de>	2021-07-19 16:35:09 +0200
committer	Florian Westphal <fw@strlen.de>	2021-08-04 17:56:40 +0200
commit	ef7781eb1437a2d6fd37eb3567c599e3ea682b96 (patch)
tree	073fbf51c29b5115256e235b6508a8ae414f50b7 /libxtables/xtables.c
parent	8629c53f933a16f1d68d19fb163c879453a3dcf2 (diff)