diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2019-02-06 13:46:22 +0100 |
|---|---|---|
| committer | Peter Wu <peter@lekensteyn.nl> | 2019-02-07 10:30:06 +0000 |
| commit | 8d7876bace73983159237c635a988596f545c450 (patch) | |
| tree | ba4ffb30cd406c0924d27db3f5412795ac02232a /epan/wslua | |
| parent | 10ef8b717cb95929d81e4015515dc87fc8c8fc48 (diff) | |
wslua: do not partially disable the Lua API when run as root
Users should not be starting Wireshark as root user (sudo or root
login). If they do, then they can already execute arbitrary code via C
plugins, or read and write arbitrary files. Limiting the Lua API will
not really help these users to prevent breaking their system further.
Therefore remove all artificial restrictions and allow users to run
user-supplied scripts by default. If for whatever policy reason this
flag is set to false, then only Lua dissectors from the global system
directory are executed. It is their responsibility not to provide a free
root shell to the user.
Note that "running_superuser" will also be true if setuid root while the
effective and real user is no longer root. This happens due to
relinquish_special_privs_perm(). In this case, disabling the Lua API is
just annoying with no benefits.
Change-Id: Ie8a38e6160d861f02cbb70dcd1d90462153f4665
Link: https://www.wireshark.org/lists/wireshark-dev/201902/msg00004.html
Reviewed-on: https://code.wireshark.org/review/31913
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/wslua')
| -rw-r--r-- | epan/wslua/template-init.lua | 25 |
1 files changed, 6 insertions, 19 deletions
diff --git a/epan/wslua/template-init.lua b/epan/wslua/template-init.lua index 3d83a2d2b7..197f1645d2 100644 --- a/epan/wslua/template-init.lua +++ b/epan/wslua/template-init.lua @@ -18,25 +18,12 @@ if not enable_lua then return end --- If set and we are running with special privileges this setting --- tells whether scripts other than this one are to be run. -run_user_scripts_when_superuser = false - - --- disable potentialy harmful lua functions when running superuser -if running_superuser then - local hint = "has been disabled due to running Wireshark as superuser. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user." - local disabled_lib = {} - setmetatable(disabled_lib,{ __index = function() error("this package ".. hint) end } ); - - dofile = function() error("dofile " .. hint) end - loadfile = function() error("loadfile " .. hint) end - loadlib = function() error("loadlib " .. hint) end - require = function() error("require " .. hint) end - os = disabled_lib - io = disabled_lib - file = disabled_lib -end +-- If set and Wireshark was started as (setuid) root, then the user +-- will not be able to execute custom Lua scripts from the personal +-- configuration directory, the -Xlua_script command line option or +-- the Lua Evaluate menu option in the GUI. +run_user_scripts_when_superuser = true + function typeof(obj) local mt = getmetatable(obj) |