
List:       wireshark-users
Subject:    Re: [Wireshark-users] Is the execution of lua script user-dependend	?
From:       Hadriel Kaplan <hadrielk () yahoo ! com>
Date:       2014-03-22 16:33:20
Message-ID: 1395506000.68621.YahooMailNeo () web161504 ! mail ! bf1 ! yahoo ! com


I should have mentioned: if you want to override that behavior, change that line to this:

       run_user_scripts_when_superuser = true

But note that the above line will get over-written the next time you compile or install wireshark, because init.lua will be replaced.

-hadriel




On Saturday, March 22, 2014 12:22 PM, Hadriel Kaplan <hadrielk@yahoo.com> wrote:
 
Look in the init.lua file in your global config directory.   It will have this line:

       run_user_scripts_when_superuser = false


That's the default, so wireshark won't load your script when you do sudo. It's done that way for safety, since a Lua script can do basically anything it wants.


-hadriel




On Saturday, March 22, 2014 11:57 AM, Toralf Förster <toralf.foerster@gmx.de> wrote:
 

/me wonders why as a common user the LUA script is executed whereas as sudo it won't print the hello world:

tfoerste@n22 ~/devel/wireshark $ cat hello.lua
-- hello.lua
-- Lua's implementation of D. Ritchie's hello world program.
    print("hello world!")
--
--

tfoerste@n22 ~/devel/wireshark $ ./tshark -X lua_script:hello.lua
hello world!
tshark: There are no interfaces on which a capture can be done


tfoerste@n22 ~/devel/wireshark $ sudo ./tshark -X lua_script:hello.lua
Running as user "root" and group "root". This could be dangerous.
Capturing on 'wlp3s0'
  1 16:40:09.559696 62.231.75.133 -> 192.168.178.21 TCP 236 afs3-fileserver → 35798 [PSH, ACK] Seq=1 Ack=1 Win=520 Len=170
  2 16:40:09.559792 192.168.178.21 -> 62.231.75.133 TCP 66 35798 → afs3-fileserver [ACK] Seq=1 Ack=171 Win=1304 Len=0
  3 16:40:09.822955 192.168.178.1 -> 239.255.255.250 SSDP 165 M-SEARCH * HTTP/1.1
  4 16:40:09.823733 fe80::a96:d7ff:fe05:f928 -> ff02::c         SSDP 179 M-SEARCH * HTTP/1.1
^C4 packets captured


-- 
MfG/Sincerely
Toralf Förster
pgp finger print:1A37 6F99 4A9D 026F 13E2 4DCF C4EA CDDE 0076 E94E
___________________________________________________________________________
Sent via:      Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:      http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
                   mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
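
Added example, not part of the thread and not Wireshark's own code: a shell check that reports how a given init.lua sets run_user_scripts_when_superuser, and whether the file is writable by group or others (which would let a non-root user flip the setting). The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical and
# the sample init.lua files below are constructed.

# Print the value of the last non-commented assignment of
# run_user_scripts_when_superuser in file $1: true, false or unset.
superuser_script_policy() {
    awk '
        /^[ \t]*--/ { next }                    # skip Lua comment lines
        /^[ \t]*run_user_scripts_when_superuser[ \t]*=/ {
            line = $0
            sub(/--.*$/, "", line)              # drop a trailing comment
            sub(/^[^=]*=[ \t]*/, "", line)      # keep the right-hand side
            sub(/[ \t;]*$/, "", line)           # trim trailing blanks and ;
            val = line                          # later assignments win
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Exit 0 when file $1 is writable by group or by others.
init_lua_loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \))" ]
}

# Constructed samples: the shipped default and a local override.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '-- constructed sample: shipped default' \
    'run_user_scripts_when_superuser = false' > "$tmp/default.lua"
printf '%s\n' '-- run_user_scripts_when_superuser = false' \
    'run_user_scripts_when_superuser = true  -- local override' \
    > "$tmp/override.lua"
chmod 644 "$tmp/default.lua"
chmod 664 "$tmp/override.lua"

for f in "$tmp"/*.lua; do
    printf '%s: %s' "${f##*/}" "$(superuser_script_policy "$f")"
    if init_lua_loosely_writable "$f"; then
        printf ' (group/other writable)'
    fi
    printf '\n'
done
```

Point superuser_script_policy at the init.lua in your global config directory after each compile or install, since that step replaces the file.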




