osmocom/wireshark
14
0
Fork 1
Code Issues Pull requests Projects Releases Wiki Activity
wireshark/epan/wslua/template-init.lua
Peter Wu 8d7876bace wslua: do not partially disable the Lua API when run as root 
Users should not be starting Wireshark as root user (sudo or root
login). If they do, then they can already execute arbitrary code via C
plugins, or read and write arbitrary files. Limiting the Lua API will
not really help these users to prevent breaking their system further.

Therefore remove all artificial restrictions and allow users to run
user-supplied scripts by default. If for whatever policy reason this
flag is set to false, then only Lua dissectors from the global system
directory are executed. It is their responsibility not to provide a free
root shell to the user.

Note that "running_superuser" will also be true if setuid root while the
effective and real user is no longer root. This happens due to
relinquish_special_privs_perm(). In this case, disabling the Lua API is
just annoying with no benefits.

Change-Id: Ie8a38e6160d861f02cbb70dcd1d90462153f4665
Link: https://www.wireshark.org/lists/wireshark-dev/201902/msg00004.html
Reviewed-on: https://code.wireshark.org/review/31913
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-02-07 10:30:06 +00:00

124 lines
3.4 KiB
Lua
Raw Blame History

-- init.lua
--
-- initialize wireshark's lua
--
-- This file is going to be executed before any other lua script.
-- It can be used to load libraries, disable functions and more.
--
-- Wireshark - Network traffic analyzer
-- By Gerald Combs <gerald@wireshark.org>
-- Copyright 1998 Gerald Combs
--
-- SPDX-License-Identifier: GPL-2.0-or-later
-- Set enable_lua to false to disable Lua support.
enable_lua = true
if not enable_lua then
return
end
-- If set and Wireshark was started as (setuid) root, then the user
-- will not be able to execute custom Lua scripts from the personal
-- configuration directory, the -Xlua_script command line option or
-- the Lua Evaluate menu option in the GUI.
run_user_scripts_when_superuser = true
function typeof(obj)
local mt = getmetatable(obj)
return mt and mt.__typeof or obj.__typeof or type(obj)
end
-- the following function checks if a file exists
-- since 1.11.3
function file_exists(name)
local f = io.open(name,"r")
if f ~= nil then io.close(f) return true else return false end
end
-- the following function prepends the given directory name to
-- the package.path, so that a 'require "foo"' will work if 'foo'
-- is in the directory name given to this function. For example,
-- if your Lua file will do a 'require "foo"' and the foo.lua
-- file is in a local directory (local to your script) named 'bar',
-- then call this function before doing your 'require', by doing
-- package.prepend_path("bar")
-- and that will let Wireshark's Lua find the file "bar/foo.lua"
-- when you later do 'require "foo"'
--
-- Because this function resides here in init.lua, it does not
-- have the same environment as your script, so it has to get it
-- using the debug library, which is why the code appears so
-- cumbersome.
--
-- since 1.11.3
function package.prepend_path(name)
-- get the function calling this package.prepend_path function
local dt = debug.getinfo(2, "f")
if not dt then
error("could not retrieve debug info table")
end
-- get its upvalue
local _, val = debug.getupvalue(dt.func, 1)
if not val or type(val) ~= 'table' then
error("No calling function upvalue or it is not a table")
end
-- get the __DIR__ field in its upvalue table
local dir = val["__DIR__"]
-- get the platform-specific directory separator character
local sep = package.config:sub(1,1)
-- prepend the dir and given name to path
if dir and dir:len() > 0 then
package.path = dir .. sep .. name .. sep .. "?.lua;" .. package.path
end
-- also prepend just the name as a directory
package.path = name .. sep .. "?.lua;" .. package.path
end
%WTAP_ENCAPS%
%WTAP_FILETYPES%
%WTAP_TSPRECS%
%WTAP_COMMENTTYPES%
%FT_TYPES%
-- the following table is since 2.0
%FT_FRAME_TYPES%
-- the following table is since 1.12
%WTAP_REC_TYPES%
-- the following table is since 1.11.3
%WTAP_PRESENCE_FLAGS%
%BASES%
%ENCODINGS%
%EXPERT%
-- the following table is since 1.11.3
%EXPERT_TABLE%
%MENU_GROUPS%
-- other useful constants
-- DATA_DIR and USER_DIR have a trailing directory separator.
GUI_ENABLED = gui_enabled()
DATA_DIR = Dir.global_config_path()..package.config:sub(1,1)
USER_DIR = Dir.personal_config_path()..package.config:sub(1,1)
-- deprecated function names
datafile_path = Dir.global_config_path
persconffile_path = Dir.personal_config_path
if not running_superuser or run_user_scripts_when_superuser then
dofile(DATA_DIR.."console.lua")
end
--dofile(DATA_DIR.."dtd_gen.lua")
Reference in a new issue View git blame Copy permalink