On Sun, Oct 17, 2021 at 12:56:23AM +0200, Florian Westphal wrote: > Apparently some people think its a good idea to make nft setuid so > unrivilged users can change settings. > > "nft -f /etc/shadow" is just one example of why this is a bad idea. > Disable this. Do not print anything, fd cannot be trusted. > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > src/main.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/src/main.c b/src/main.c > index 21096fc7398b..5847fc4ad514 100644 > --- a/src/main.c > +++ b/src/main.c > @@ -363,6 +363,10 @@ int main(int argc, char * const *argv) > unsigned int len; > int i, val, rc; > > + /* nftables cannot be used with setuid in a safe way. */ > + if (getuid() != geteuid()) > + _exit(111); Applications using libnftables would still face the same issue. > if (!nft_options_check(argc, argv)) > exit(EXIT_FAILURE); > > -- > 2.31.1 >
