netfilter buglog - Oct 2013 - [Bug 863] New: Implied regression in errors

https://bugzilla.netfilter.org/show_bug.cgi?id=863

           Summary: Implied regression in errors
           Product: iptables
           Version: 1.4.x
          Platform: arm
        OS/Version: other
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: iptables
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: eric.bock.1980 at gmail.com
   Estimated Hours: 1.0


iptables suggests that a later version might allow ordinary users to modify the
firewall:

[ 0 ] app_42 at android:/$ iptables --flush
iptables v1.4.11.1: can't initialize iptables table `filter': Permission
denied
(you must be root)
Perhaps iptables or your kernel needs to be upgraded.
[ 3 ] app_42 at android:/$

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

https://bugzilla.netfilter.org/show_bug.cgi?id=863

Phil Oester <netfilter at linuxace.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |netfilter at linuxace.com
         Resolution|                            |INVALID
    Remaining Hours|1.0                         |0.0

--- Comment #1 from Phil Oester <netfilter at linuxace.com> 2013-10-21
23:13:15 CEST ---
Yes, from do_command4 if we were unable to initialize the table for any reason:

        if (!*handle)
                xtables_error(VERSION_PROBLEM,
                           "can't initialize iptables table `%s':
%s",
                           *table, iptc_strerror(errno));


then in iptables_exit_error:

        if (status == VERSION_PROBLEM)
                fprintf(stderr,
                        "Perhaps iptables or your kernel needs to be
upgraded.\n");

This pedantry really isn't worth addressing.  The first error (you must be
root) spells out the problem quite nicely.  And the second error does say
"Perhaps" - which does not imply that it _will_ solve anything at all.

If one were so inclined (and lacking in sanity), you could patch your kernel to
make all UIDs root equivalent.  So the second message is technically true - a
kernel upgrade COULD fix this issue.

Closing.

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.