Wireshark-commits: [Wireshark-commits] master 8d7876b: wslua: do not partially disable the Lua API

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Thu, 07 Feb 2019 10:30:13 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8d7876bace73983159237c635a988596f545c450
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master
Repository: wireshark

Commits:

8d7876b by Peter Wu (peter@xxxxxxxxxxxxx):

    wslua: do not partially disable the Lua API when run as root
    
    Users should not be starting Wireshark as root user (sudo or root
    login). If they do, then they can already execute arbitrary code via C
    plugins, or read and write arbitrary files. Limiting the Lua API will
    not really help these users to prevent breaking their system further.
    
    Therefore remove all artificial restrictions and allow users to run
    user-supplied scripts by default. If for whatever policy reason this
    flag is set to false, then only Lua dissectors from the global system
    directory are executed. It is their responsibility not to provide a free
    root shell to the user.
    
    Note that "running_superuser" will also be true if setuid root while the
    effective and real user is no longer root. This happens due to
    relinquish_special_privs_perm(). In this case, disabling the Lua API is
    just annoying with no benefits.
    
    Change-Id: Ie8a38e6160d861f02cbb70dcd1d90462153f4665
    Link: https://www.wireshark.org/lists/wireshark-dev/201902/msg00004.html
    Reviewed-on: https://code.wireshark.org/review/31913
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Dario Lombardo <lomato@xxxxxxxxx>
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  10ef8b7   wslua: do not load console.lua when run as root
     add  8d7876b   wslua: do not partially disable the Lua API when run as root


Summary of changes:
 epan/wslua/template-init.lua | 25 ++++++-------------------
 1 file changed, 6 insertions(+), 19 deletions(-)