I have a program running in C. This needs to execute an iptables command

Question

0

Editorial Team

Asked: May 22, 20262026-05-22T23:45:32+00:00 2026-05-22T23:45:32+00:00

I have a program running in C. This needs to execute an iptables command

0

I have a program running in C. This needs to execute an “iptables” command using system.

I tried

setuid(0); 
system("iptables .... ");

setuid and system do not coexist. from the system man page

Do not use system() from a program
with set-user-ID or set-group-ID
privileges, because strange values
for some
environment variables might be used to subvert system integrity.
Use the exec(3) family of functions
instead,
but not execlp(3) or execvp(3). system() will not, in fact, work
properly from programs with
set-user-ID or set-
group-ID privileges on systems on which /bin/sh is bash
version 2, since bash 2 drops
privileges on startup.
(Debian uses a modified bash which does not do this when invoked as
sh.)

how can I overcome my problem?

Thanks

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-22T23:45:33+00:00

Something like this might help. It’s untested but should work.

    char * const argv[] = {"/sbin/iptables", "-L", NULL};

    pid = fork();
    switch (pid) {
            case -1:
                    /* handle error */
            case 0:
                    execv("/sbin/iptables", argv);
                    /* handle error if you get here */
            break;
            default:
                    waitpid(pid, &status, 0);
                    /* check waitpid return code */
            break;
    }

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a program running in C. This needs to execute an iptables command

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply