From: Florian Westphal <fw@strlen.de>
Date: Sat, 16 Oct 2021 22:56:23 +0000 (+0200)
Subject: main: _exit() if setuid
X-Git-Tag: v1.0.1~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2139913694a9850c9160920b2c638aac4828f9bb;p=thirdparty%2Fnftables.git

main: _exit() if setuid

Apparently some people think its a good idea to make nft setuid so
unrivilged users can change settings.

"nft -f /etc/shadow" is just one example of why this is a bad idea.
Disable this.  Do not print anything, fd cannot be trusted.

This change intentionally doesn't affect libnftables, on the off-chance
that somebody creates an suid program and knows what they're doing.

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/src/main.c b/src/main.c
index 21096fc7..5847fc4a 100644
--- a/src/main.c
+++ b/src/main.c
@@ -363,6 +363,10 @@ int main(int argc, char * const *argv)
 	unsigned int len;
 	int i, val, rc;
 
+	/* nftables cannot be used with setuid in a safe way. */
+	if (getuid() != geteuid())
+		_exit(111);
+
 	if (!nft_options_check(argc, argv))
 		exit(EXIT_FAILURE);