So, as shown in Clumsy keyboard, a SEGFAULT is triggered when attempting to use iptables without sufficient privileges. Let's have a look at it!
A quick look in valgrind shows that iptables is trying to pass a NULL pointer to a function that will use it:
So gdb was fired up, symbols and sources were loaded into the path, and breakpoints were set on those functions.
The first breakpoint is hit; the code is about to call xtables_main(...).
It enters the function and some of the code is displayed, but not all of it... I took the time to review the code to see what it is actually doing:
A handier “trace” of how far we are right now:
Continue and hit the next breakpoint, where some of the parameters passed to the function do_commandx are easily displayed:
Continuing to the next function, add_entry, shows some code that might seem complicated at first sight, but nevertheless:
Once reviewed, the interesting code for this function is shown below:
The next function, nft_rule_insert, is an interesting one, as this is where the last working pieces of code are run. Keep an eye on the rulenum variable, as this is the variable that will cause an uninitialized pointer to be passed to the next function.
Here, a pointer to a nftnl_rule_list struct called list is created, but never initialized, because rulenum is 0. Therefore, a variable called new_rule is initialized at line 2139, but the function that fills it, nft_rule_add, returns NULL due to the lack of privileges:
And the last function of our breakpointed list arrives:
As shown, list_add is called on line 782 and tries to dereference a NULL pointer by accessing its list parameter.
And that's it. SEGFAULT you!
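To make the failure pattern concrete, here is an added example (not iptables or libnftnl code) that models the last two steps in C: a rule_add() stand-in that returns NULL when the caller is unprivileged, a list_add() that writes through its entry unconditionally, and the unchecked caller beside a checked one. Apart from list_add and rulenum, every name here is constructed for the illustration.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Intrusive doubly linked list in the list_head style that libnftnl's list_add()
 * works on. Constructed model for illustration, not iptables or libnftnl code. */
struct list_head { struct list_head *prev, *next; };
struct rule { struct list_head head; int rulenum; };
void list_add(struct list_head *entry, struct list_head *head)
{
    entry->next = head->next;   /* a NULL entry faults right here: the post's crash */
    entry->prev = head;
    head->next->prev = entry;
    head->next = entry;
}

/* Stand-in for nft_rule_add(): NULL when the caller lacks the needed privileges. */
struct rule *rule_add(bool privileged, int rulenum)
{
    struct rule *r = privileged ? malloc(sizeof *r) : NULL;
    if (r != NULL) r->rulenum = rulenum;
    return r;
}

/* Vulnerable pattern: the unchecked result goes straight into list_add(), so an
 * unprivileged call dereferences NULL. Kept for contrast only, never run here. */
void insert_unchecked(struct list_head *rules, bool privileged, int rulenum)
{
    list_add(&rule_add(privileged, rulenum)->head, rules);
}

/* Hardened form: a NULL rule becomes an error the caller can report. */
int insert_checked(struct list_head *rules, bool privileged, int rulenum)
{
    struct rule *new_rule = rule_add(privileged, rulenum);
    if (new_rule == NULL) return -1;
    list_add(&new_rule->head, rules);
    return 0;
}

/* Links two rules via the checked path; returns how many are on the list, or -1. */
int run_scenario(bool privileged)
{
    struct list_head rules = { &rules, &rules };
    int count = 0;
    if (insert_checked(&rules, privileged, 1) < 0 || insert_checked(&rules, privileged, 2) < 0)
        return -1;
    for (struct list_head *p = rules.next; p != &rules; p = p->next)
        count++;
    return count;
}
```

With privileges both rules end up linked; without them the checked path returns -1 instead of reaching list_add() with a NULL entry.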