From: Florian Westphal Date: Mon, 19 Jul 2021 14:35:09 +0000 (+0200) Subject: libxtables: exit if called by setuid executeable X-Git-Tag: v1.8.8~140 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ef7781eb1437a2d6fd37eb3567c599e3ea682b96;p=thirdparty%2Fiptables.git libxtables: exit if called by setuid executeable iptables (legacy or nft, doesn't matter) cannot be safely used with setuid binaries. Add a safety check for this. Signed-off-by: Florian Westphal --- diff --git a/libxtables/xtables.c b/libxtables/xtables.c index 9fff1e0d..b261e97b 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -245,6 +245,10 @@ static void dlreg_free(void) void xtables_init(void) { + /* xtables cannot be used with setuid in a safe way. */ + if (getuid() != geteuid()) + _exit(111); + xtables_libdir = getenv("XTABLES_LIBDIR"); if (xtables_libdir != NULL) return;
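Review bot: The check added at the top of xtables_init() compares only getuid() with geteuid(), so a setgid binary (getgid() != getegid()) still reaches the getenv("XTABLES_LIBDIR") lookup directly below it with a caller-controlled environment; consider extending the condition to the group IDs as well. The _exit(111) is silent and the value 111 is unexplained: a short message on stderr before exiting, plus a named constant or a comment for the status code, would make the failure diagnosable for whoever hits it. The comment states that xtables cannot be used safely with setuid but not why; a few words noting that the library reads XTABLES_LIBDIR from the environment right after this point would document the reason for placing the check first.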