Remove developer mode from sudo.conf, it is no longer used.
This commit is contained in:
Todd C. Miller
@@ -1533,30 +1533,13 @@ file,
|
||||
.Nm sudo
|
||||
will not load the Python interpreter or the Python libraries.
|
||||
.Pp
|
||||
By default, a Python plugin can only import Python modules which are
|
||||
owned by
|
||||
.Sy root
|
||||
and are only writable by the owner.
|
||||
The reason for this is to prevent a file getting imported accidentally
|
||||
which is modifiable by a non-root user.
|
||||
As
|
||||
.Nm sudo
|
||||
plugins run as
|
||||
runs plugins as
|
||||
.Sy root ,
|
||||
accidentally importing such file would make it possible for any user
|
||||
(having write access) to execute any code with administrative rights.
|
||||
.Pp
|
||||
However, during development of a plugin this might not be very convenient.
|
||||
The
|
||||
.Xr sudo.conf @mansectform@
|
||||
.Em developer_mode
|
||||
option can be used to disable it.
|
||||
For example:
|
||||
.Dl Set developer_mode true
|
||||
.Pp
|
||||
This creates a security risk and is not recommended for production systems,
|
||||
it is intended to be used in a development environment (VM, container, etc).
|
||||
Before enabling developer mode, be sure that you understand the implications.
|
||||
care must be taken when writing Python plugins to avoid creating
|
||||
security vulnerabilities, just as one would when writing plugins
|
||||
in C.
|
||||
.Sh SUPPORT
|
||||
Limited free support is available via the sudo-users mailing list,
|
||||
see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
|
||||
|
||||
Reference in New Issue
Block a user