Wireshark mailing list archives
Lua error while running Wireshark as root (was: Re: Wireshark on Kali linux)
From: Peter Wu <peter () lekensteyn nl>
Date: Tue, 5 Feb 2019 23:07:25 +0100
On Tue, Feb 05, 2019 at 10:10:38AM -0800, Guy Harris wrote:
> On Feb 5, 2019, at 8:48 AM, Dario Lombardo <lomato () gmail com> wrote:
>
> > I know that the problem is how kali runs wireshark (as root) and that it should be avoided, but this is how kali works
>
> Kali Linux has no user accounts, so you log in as root and thus everything runs as root?
That is correct: https://docs.kali.org/policy/kali-linux-root-user-policy

The linked post works around an error on starting Wireshark by commenting out the dofile call in init.lua (since it would fail anyway).

Possible approaches to fixing this error include:

- Check for running_superuser before trying to load console.lua.
- Remove the superuser restriction for dofile.
- Remove the superuser restrictions completely and permit access to the full Lua API (including os.execute, io.open, require, etc.)

The first option has a similar effect as the suggested workaround. The second option is shipped by Fedora since 2009: https://src.fedoraproject.org/cgit/rpms/wireshark.git/tree/wireshark-0001-enable-Lua-support.patch

The last option would permit *users* to invoke arbitrary commands as root if they run Wireshark with sudo or as root user. I think that might not be a bad idea after all:

- Plugins (.so) can already be loaded, even when running as root. Limiting Lua only provides a limited form of "security" since you can already execute arbitrary code via C plugins.
- The Lua check was added in commit f4c227852c (March 2006). At that time, tshark or wireshark might have required setuid root for capture privileges. This was changed in commit 92802883a6 (August 2007).
- Downstream distributions like Fedora have already patched their systems to permit dofile (but still limit require, os, etc.).

Proposal:

- Remove the "disable potentialy [sic] harmful lua functions" patch, assuming that users know what they are doing when running tshark/wireshark as root.
- Set "run_user_scripts_when_superuser" to true by default, enabling root users to load scripts via the "-Xlua_script" option. Those who would like to limit Lua support when running as root could change this variable anyway.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
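The startup failure discussed in this message and the first listed approach (checking running_superuser before loading console.lua), as an added illustration that is not Wireshark's init.lua and not code from the thread. It is a stand-alone Lua script; `apply_superuser_restrictions`, `load_console` and the constructed `console_path` are hypothetical names, and the stubbing shown is an assumption modelled on the restriction the message describes.

```lua
-- Added illustration, NOT Wireshark's init.lua. Stand-alone Lua 5.1+ script.
-- Models a "superuser" restriction that replaces file-loading and OS
-- functions with stubs that raise an error, then shows why an unconditional
-- dofile() afterwards fails and how a running_superuser guard avoids that.

-- Hypothetical helper: build a restricted view of an environment table.
local function apply_superuser_restrictions(env)
    local hint = " has been disabled because the program runs as superuser"
    -- Any field access on a disabled library raises an error.
    local disabled_lib = setmetatable({}, {
        __index = function() error("this package" .. hint, 2) end,
    })
    -- Unlisted names fall through to the original environment.
    local restricted = setmetatable({}, { __index = env })
    for _, name in ipairs({ "dofile", "loadfile", "require" }) do
        restricted[name] = function() error(name .. hint, 2) end
    end
    restricted.os = disabled_lib
    restricted.io = disabled_lib
    return restricted
end

-- Hypothetical loader standing in for the console.lua load at startup.
-- guard=false reproduces the startup error; guard=true is the first option.
local function load_console(env, running_superuser, guard, console_path)
    if guard and running_superuser then
        return "skipped"   -- never reaches the disabled dofile
    end
    local ok, err = pcall(env.dofile, console_path)
    if ok then return "loaded" end
    return "error: " .. tostring(err)
end

local console_path = "console.lua"  -- constructed path; file need not exist
local env = apply_superuser_restrictions(_G)

-- Unguarded load while running as superuser.
print(load_console(env, true, false, console_path))
-- Same load with the running_superuser check in front of it.
print(load_console(env, true, true, console_path))
-- The same restriction also blocks access to os.execute.
print(pcall(function() return env.os.execute end))
```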