ip{,6}tables-save misleading return code

Hello, this came up on freenode's #netfilter today.

ip{,6}tables-save(8), when run as an unprivileged user (who
doesn't have access to /proc/net/ip{,6}_tables_names), displays
no output and returns 0 because of a Boolean inversion.

luser@myhost:~$ iptables-save; echo $? 
0

The patch below changes the return to 1 if fopen() fails.
Additionally, one could add "if (errno == EACCES)" conditioned
error messages.

--mancha

--- a/iptables/iptables-save.c  2013-10-14
+++ b/iptables/iptables-save.c  2013-10-14
@@ -40,7 +40,7 @@ static int for_each_table(int (*func)(co

        procfile = fopen("/proc/net/ip_tables_names", "re");
        if (!procfile)
-               return ret;
+               return 0;

        while (fgets(tablename, sizeof(tablename), procfile)) {
                if (tablename[strlen(tablename) - 1] != '\n')
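Review bot: `return 0;` on the `if (!procfile)` path reads as success next to a description that says the return becomes 1, so the convention needs stating in the code itself. The hunk does not show how `ret` is initialised or how the caller maps this value to the process exit status; a short comment above the return saying that 0 means failure here and that the caller turns it into a non-zero exit would keep a later reader from reverting it. The failure path is also still silent: writing the fopen() error to stderr with strerror(errno) before returning would tell an unprivileged user why there is no output.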
--- a/iptables/ip6tables-save.c 2013-10-14
+++ b/iptables/ip6tables-save.c 2013-10-14
@@ -42,7 +42,7 @@ static int for_each_table(int (*func)(co

        procfile = fopen("/proc/net/ip6_tables_names", "re");
        if (!procfile)
-               return ret;
+               return 0;

        while (fgets(tablename, sizeof(tablename), procfile)) {
                if (tablename[strlen(tablename) - 1] != '\n')
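Review bot: every fopen() failure on "/proc/net/ip6_tables_names" now takes the `return 0;` path, not only the permission-denied case from the report. If the file can legitimately be absent, so that there is simply nothing to save, that case would now be reported as a failure too; checking errno before returning and treating only the unexpected values as errors would keep the two apart. Whatever is decided here should be applied identically in iptables-save.c so the two copies of for_each_table() do not drift.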
