Message ID | 20131014203816.CC16360191@smtp.hushmail.com |
---|---|
State | Not Applicable |
Headers | show |
Hi, On Mon, Oct 14, 2013 at 08:38:16PM +0000, mancha wrote: > Hello, this came up on freenode's #netfilter today. > > ip{,6}tables-save(8), when run as an unprivileged user (who > doesn't have access to /proc/net/ip{,6}_tables_names), displays > no output and returns 0 because of a Boolean inversion. > > luser@myhost:~$ iptables-save; echo $? > 0 > > The patch below changes the return to 1 if fopen() fails. > Additionally, one could add "if (errno == EACCESS)" conditioned > error messages. Need your Signed-off-by tag / full name to take this patch, please, let me know. No need to resend, I'll amend it. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso <pablo <at> netfilter.org> writes: > > Need your Signed-off-by tag / full name to take this patch, please, > let me know. No need to resend, I'll amend it. Thanks. Hi. Thank you for your email. As for attribution, my Signed-off-by tag is "mancha". I didn't mean to add more work for you. In the future I'll submit using git format-patch. Thanks! --mancha -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
--- a/iptables/iptables-save.c 2013-10-14 +++ b/iptables/iptables-save.c 2013-10-14 @@ -40,7 +40,7 @@ static int for_each_table(int (*func)(co procfile = fopen("/proc/net/ip_tables_names", "re"); if (!procfile) - return ret; + return 0; while (fgets(tablename, sizeof(tablename), procfile)) { if (tablename[strlen(tablename) - 1] != '\n') --- a/iptables/ip6tables-save.c 2013-10-14 +++ b/iptables/ip6tables-save.c 2013-10-14 @@ -42,7 +42,7 @@ static int for_each_table(int (*func)(co procfile = fopen("/proc/net/ip6_tables_names", "re"); if (!procfile) - return ret; + return 0; while (fgets(tablename, sizeof(tablename), procfile)) { if (tablename[strlen(tablename) - 1] != '\n')