Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Sun, Oct 17, 2021 at 12:56:23AM +0200, Florian Westphal wrote: > > Apparently some people think its a good idea to make nft setuid so > > unrivilged users can change settings. > > > > "nft -f /etc/shadow" is just one example of why this is a bad idea. > > Disable this. Do not print anything, fd cannot be trusted. > > > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > > --- > > src/main.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/src/main.c b/src/main.c > > index 21096fc7398b..5847fc4ad514 100644 > > --- a/src/main.c > > +++ b/src/main.c > > @@ -363,6 +363,10 @@ int main(int argc, char * const *argv) > > unsigned int len; > > int i, val, rc; > > > > + /* nftables cannot be used with setuid in a safe way. */ > > + if (getuid() != geteuid()) > > + _exit(111); > > Applications using libnftables would still face the same issue. Yes, but there is an off-chance they know what they are doing.
