main: _exit() if setuid

Apparently some people think its a good idea to make nft setuid so
unrivilged users can change settings.

"nft -f /etc/shadow" is just one example of why this is a bad idea.
Disable this.  Do not print anything, fd cannot be trusted.

This change intentionally doesn't affect libnftables, on the off-chance
that somebody creates an suid program and knows what they're doing.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/main.c b/src/main.c
index 21096fc7398b19e886ee2ee7d95192d58b01be2d..5847fc4ad5146338991ff2fb99db5b3d2cb15ca2 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -363,6 +363,10 @@ int main(int argc, char * const *argv)
        unsigned int len;
        int i, val, rc;
 
+       /* nftables cannot be used with setuid in a safe way. */
+       if (getuid() != geteuid())
+               _exit(111);
+
        if (!nft_options_check(argc, argv))
                exit(EXIT_FAILURE);