On Tue, Oct 19, 2021 at 12:41:03PM +0200, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > On Sun, Oct 17, 2021 at 12:56:23AM +0200, Florian Westphal wrote: > > > Apparently some people think its a good idea to make nft setuid so > > > unrivilged users can change settings. > > > > > > "nft -f /etc/shadow" is just one example of why this is a bad idea. > > > Disable this. Do not print anything, fd cannot be trusted. > > > > > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > > > --- > > > src/main.c | 4 ++++ > > > 1 file changed, 4 insertions(+) > > > > > > diff --git a/src/main.c b/src/main.c > > > index 21096fc7398b..5847fc4ad514 100644 > > > --- a/src/main.c > > > +++ b/src/main.c > > > @@ -363,6 +363,10 @@ int main(int argc, char * const *argv) > > > unsigned int len; > > > int i, val, rc; > > > > > > + /* nftables cannot be used with setuid in a safe way. */ > > > + if (getuid() != geteuid()) > > > + _exit(111); > > > > Applications using libnftables would still face the same issue. > > Yes, but there is an off-chance they know what they are doing. Sounds sensible, I'd suggest you document this in the commit before pushing.
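Review bot: the guard added in main() only compares real and effective UID (getuid() != geteuid()), so an nft binary installed setgid, or one granted file capabilities, passes the check unchanged; if the intent is "refuse to run with elevated privileges at all", consider also rejecting getgid() != getegid(), or document in the comment that only the setuid case is covered. As the follow-up notes, callers of libnftables are not protected by this check, so that limitation belongs in the commit message; the commit message also has two typos worth fixing before pushing ("its" should be "it's", "unrivilged" should be "unprivileged").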