Wireshark mailing list archives
Re: Wireshark on Kali linux
From: João Valverde <joao.valverde () tecnico ulisboa pt>
Date: Wed, 6 Feb 2019 22:25:40 +0000
On 06/02/19 17:31, Guy Harris wrote:
> On Feb 6, 2019, at 5:06 AM, Peter Wu <peter () lekensteyn nl> wrote:
>> On Wed, Feb 06, 2019 at 12:46:20PM +0000, João Valverde wrote:
>>> I have some doubts about the effectiveness and usefulness of this Lua sandbox. I didn't investigate in depth, but it seems enabling/disabling the Lua runtime instead would be better, as dictated by policy (whatever that policy is).
>>
>> Setting "enable_lua = false" (formerly "disable_lua = true") already prevents further Lua code from being executed. Likewise when "run_user_scripts_when_superuser" is false and when started as root. I also question the utility of disabling the API, hence these patches:
>>
>> wslua: do not load console.lua when run as root
>> https://code.wireshark.org/review/31912
>>
>> wslua: do not partially disable the Lua API when run as root
>> https://code.wireshark.org/review/31913
>>
>> The first patch can safely be backported and should fix the issue raised by Kali Linux users. Worst-case, it disables the GUI menu option, but it has no effect otherwise.
>>
>> The second patch removes the security theatre, but depends on the first patch to effectively restrict execution of arbitrary user-supplied code. It enables arbitrary execution of user-supplied code by default, since those who execute "tshark -Xlua_script:foo.lua" as root user (or via sudo) will expect it to work.
>>
>> Finally, note that "started_with_special_privs()" also returns TRUE even if the current user has no more privileges. Even if the Wireshark or tshark executables were setuid root, these root privileges have already been dropped via "relinquish_special_privs_perm()", long before it ever gets to the Lua code.
>
> OK, so Wireshark and TShark are normally run in some form of user session, whether it's a GUI session or not; in those sessions, there are normally credentials (user and groups) for the logged-in user.
>
> (...)
>
> So the question is whether we should print/pop up a message if TShark/Wireshark is running as root - and, if we do, whether we should have a compile or configuration option to disable that, so it can be disabled on Kali Linux or other OSes where you don't have much of a choice about whether to run them as root.
I think a warning for "running Wireshark/tshark as root is dangerous" is very appropriate. There is a legitimate discussion to be had on whether it should be more or less forceful and what to do about Kali.
But throwing a Lua runtime exception for root is not such a warning. That's just a bug in my opinion.
Furthermore, if a user builds Wireshark without Lua, no warning is emitted.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
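The quoted message draws a distinction between "did the process start with special privileges?" and "does it have them now?", and describes which preferences gate user-supplied Lua. The following is an added example, not Wireshark's own code: it models that distinction in C with a startup credential snapshot that never changes and a separate check on current credentials, and builds the Lua-loading gate from the two preferences the thread names. Every function, struct and field name here (record_startup_creds, started_with_special_privs_model, has_special_privs_now_model, drop_special_privs_model, may_load_user_lua_scripts, struct creds, struct lua_policy) is this example's own, and the definition of "special" (root, or a setuid/setgid mismatch) is an assumption, not a statement of how Wireshark's privileges.c decides it.

```c
/* Added example (not Wireshark code). Models the two different questions
 * "did this process START with special privileges?" and "does it HAVE them
 * NOW?", plus a Lua-loading gate built on the settings named in the thread.
 * All names here are this example's own, not Wireshark's. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Credentials at a point in time. Passing a struct instead of calling
 * getuid()/geteuid() inside the decision logic lets it be exercised with
 * constructed values without actually running as root. */
struct creds {
    uid_t ruid, euid;
    gid_t rgid, egid;
};

/* Snapshot of the credentials the process started with; assumed to be
 * taken once, before any privilege is dropped. */
static struct creds startup_creds;
static bool startup_recorded = false;

void record_startup_creds(struct creds c)
{
    startup_creds = c;
    startup_recorded = true;
}

/* Assumed definition of "special": root, or a setuid/setgid mismatch. */
static bool creds_are_special(struct creds c)
{
    return c.euid == 0 || c.egid == 0 || c.euid != c.ruid || c.egid != c.rgid;
}

/* "Did we start privileged?". This stays true for the lifetime of the
 * process even after privileges have been relinquished, which is the
 * property the thread points out about started_with_special_privs(). */
bool started_with_special_privs_model(void)
{
    return startup_recorded && creds_are_special(startup_creds);
}

/* "Are we privileged right now?", from the current credentials only. */
bool has_special_privs_now_model(struct creds now)
{
    return creds_are_special(now);
}

/* Simulated drop for a setuid/setgid binary: effective ids fall back to the
 * real ids. A real drop would call setresgid()/setresuid() and check errors. */
struct creds drop_special_privs_model(struct creds c)
{
    c.euid = c.ruid;
    c.egid = c.rgid;
    return c;
}

struct lua_policy {
    bool enable_lua;                      /* the "enable_lua" preference */
    bool run_user_scripts_when_superuser; /* as named in the thread */
};

/* Gate for loading user-supplied Lua, following the thread's description:
 * nothing runs with enable_lua off; if the process started with special
 * privileges, run_user_scripts_when_superuser decides; otherwise user
 * scripts load. Note it keys on the startup snapshot, not on the current
 * credentials, so a dropped setuid-root start is still treated as root. */
bool may_load_user_lua_scripts(struct lua_policy p)
{
    if (!p.enable_lua)
        return false;
    if (started_with_special_privs_model())
        return p.run_user_scripts_when_superuser;
    return true;
}

int main(void)
{
    struct creds now = { getuid(), geteuid(), getgid(), getegid() };
    record_startup_creds(now);
    now = drop_special_privs_model(now); /* simulated drop, see above */

    struct lua_policy p = { true, false };
    printf("started privileged: %s, privileged now: %s, load user Lua: %s\n",
           started_with_special_privs_model() ? "yes" : "no",
           has_special_privs_now_model(now) ? "yes" : "no",
           may_load_user_lua_scripts(p) ? "yes" : "no");
    return 0;
}
```

Run as an ordinary user the program reports "no" on all three counts with these preferences; started as root (or via sudo) it reports that it started privileged and, with run_user_scripts_when_superuser false, that user Lua would not load, regardless of whether the simulated drop has already made the current credentials unprivileged.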
Current thread:
- Re: Wireshark on Kali linux, (continued)
- Re: Wireshark on Kali linux João Valverde (Feb 05)
- Re: Wireshark on Kali linux Dario Lombardo (Feb 06)
- Re: Wireshark on Kali linux João Valverde (Feb 06)
- Re: Wireshark on Kali linux Peter Wu (Feb 06)
- Re: Wireshark on Kali linux Guy Harris (Feb 06)
- Re: Wireshark on Kali linux Graham Bloice (Feb 06)
- Re: Wireshark on Kali linux Jasper Bongertz (Feb 07)
- Re: Wireshark on Kali linux Dario Lombardo (Feb 07)
- Re: Wireshark on Kali linux Graham Bloice (Feb 07)
- Re: Wireshark on Kali linux Jeff Morriss (Feb 12)
- Re: Wireshark on Kali linux João Valverde (Feb 06)
- Re: Wireshark on Kali linux Dario Lombardo (Feb 07)