Remove developer mode from sudo.conf, it is no longer used.

2022-12-26 07:43:55 -07:00
parent fa1b86fca6
commit 50958a05da
23 changed files with 10 additions and 200 deletions
--- a/3
+++ b/3
@@ -310,9 +310,6 @@ lib/util/regress/sudo_conf/test6.in
 lib/util/regress/sudo_conf/test6.out.ok
 lib/util/regress/sudo_conf/test7.in
 lib/util/regress/sudo_conf/test7.out.ok
 lib/util/regress/sudo_conf/test8.err.ok
 lib/util/regress/sudo_conf/test8.in
 lib/util/regress/sudo_conf/test8.out.ok
 lib/util/regress/sudo_parseln/parseln_test.c
 lib/util/regress/sudo_parseln/test1.in
 lib/util/regress/sudo_parseln/test1.out.ok
--- a/docs/sudo.conf.man.in
+++ b/docs/sudo.conf.man.in
@@ -401,37 +401,6 @@ This setting is only available in
 version 1.8.4 and higher.
 .RE
 .TP 10n
 developer_mode
 By default
 \fBsudo\fR
 refuses to load plugins which can be modified by other than the root user.
 The plugin should be owned by root and write access permissions should be
 disabled for
 \(lqgroup\(rq
 and
 \(lqother\(rq\&.
 To make development of a plugin easier, you can disable that by setting
 \(lqdeveloper_mode\(rq
 option to true in
 \fBsudo.conf\fR
 as follows:
 .nf
 .sp
 .RS 14n
 Set developer_mode true
 .RE
 .fi
 .RS 10n
 .sp
 This creates a security risk and is not recommended for production systems,
 it is intended to be used in a development environment (VM, container, etc).
 Before enabling developer mode, be sure that you understand the implications.
 .sp
 This setting is only available in
 \fBsudo\fR
 version 1.9.0 and higher.
 .RE
 .TP 10n
 group_source
 \fBsudo\fR
 passes the invoking user's group list to the policy and I/O plugins.
@@ -810,14 +779,6 @@ front-end configuration
 #
 #Path plugin_dir @plugindir@
 #
 # Sudo developer mode:
 #   Set developer_mode true|false
 #
 # Allow loading of plugins that are owned by non-root or are writable
 # by "group" or "other".  Should only be used during plugin development.
 #Set developer_mode true
 #
 # Core dumps:
 #   Set disable_coredump true|false
--- a/docs/sudo.conf.mdoc.in
+++ b/docs/sudo.conf.mdoc.in
@@ -368,34 +368,6 @@ command is used to configure core dump behavior.
 This setting is only available in
 .Nm sudo
 version 1.8.4 and higher.
 .It developer_mode
 By default
 .Nm sudo
 refuses to load plugins which can be modified by other than the root user.
 The plugin should be owned by root and write access permissions should be
 disabled for
 .Dq group
 and
 .Sm off
 .Dq other
 \&.
 .Sm on
 To make development of a plugin easier, you can disable that by setting
 .Dq developer_mode
 option to true in
 .Nm sudo.conf
 as follows:
 .Bd -literal -offset 4n
 Set developer_mode true
 .Ed
 .Pp
 This creates a security risk and is not recommended for production systems,
 it is intended to be used in a development environment (VM, container, etc).
 Before enabling developer mode, be sure that you understand the implications.
 .Pp
 This setting is only available in
 .Nm sudo
 version 1.9.0 and higher.
 .It group_source
 .Nm sudo
 passes the invoking user's group list to the policy and I/O plugins.
@@ -739,14 +711,6 @@ front-end configuration
 #
 #Path plugin_dir @plugindir@
 #
 # Sudo developer mode:
 #   Set developer_mode true|false
 #
 # Allow loading of plugins that are owned by non-root or are writable
 # by "group" or "other".  Should only be used during plugin development.
 #Set developer_mode true
 #
 # Core dumps:
 #   Set disable_coredump true|false
--- a/docs/sudo_plugin_python.man.in
+++ b/docs/sudo_plugin_python.man.in
@@ -1882,32 +1882,13 @@ file,
 \fBsudo\fR
 will not load the Python interpreter or the Python libraries.
 .PP
 By default, a Python plugin can only import Python modules which are
 owned by
 \fBroot\fR
 and are only writable by the owner.
 The reason for this is to prevent a file getting imported accidentally
 which is modifiable by a non-root user.
 As
 \fBsudo\fR
-plugins run as
+runs plugins as
 \fBroot\fR,
-accidentally importing such file would make it possible for any user
+care must be taken when writing Python plugins to avoid creating
-(having write access) to execute any code with administrative rights.
+security vulnerabilities, just as one would when writing plugins
-.PP
+in C.
 However, during development of a plugin this might not be very convenient.
 The
 sudo.conf(@mansectform@)
 \fIdeveloper_mode\fR
 option can be used to disable it.
 For example:
 .RS 6n
 Set developer_mode true
 .RE
 .PP
 This creates a security risk and is not recommended for production systems,
 it is intended to be used in a development environment (VM, container, etc).
 Before enabling developer mode, be sure that you understand the implications.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
--- a/docs/sudo_plugin_python.mdoc.in
+++ b/docs/sudo_plugin_python.mdoc.in
@@ -1533,30 +1533,13 @@ file,
 .Nm sudo
 will not load the Python interpreter or the Python libraries.
 .Pp
 By default, a Python plugin can only import Python modules which are
 owned by
 .Sy root
 and are only writable by the owner.
 The reason for this is to prevent a file getting imported accidentally
 which is modifiable by a non-root user.
 As
 .Nm sudo
-plugins run as
+runs plugins as
 .Sy root ,
-accidentally importing such file would make it possible for any user
+care must be taken when writing Python plugins to avoid creating
-(having write access) to execute any code with administrative rights.
+security vulnerabilities, just as one would when writing plugins
-.Pp
+in C.
 However, during development of a plugin this might not be very convenient.
 The
 .Xr sudo.conf @mansectform@
 .Em developer_mode
 option can be used to disable it.
 For example:
 .Dl Set developer_mode true
 .Pp
 This creates a security risk and is not recommended for production systems,
 it is intended to be used in a development environment (VM, container, etc).
 Before enabling developer mode, be sure that you understand the implications.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
--- a/examples/sudo.conf.in
+++ b/examples/sudo.conf.in
@@ -76,14 +76,6 @@
 #
 #Path plugin_dir @plugindir@
 #
 # Sudo developer mode:
 #   Set developer_mode true|false
 #
 # Allow loading of plugins that are owned by non-root or are writable
 # by "group" or "other".  Should only be used during plugin development.
 #Set developer_mode true
 #
 # Core dumps:
 #   Set disable_coredump true|false
--- a/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1
+++ b/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1
@@ -61,14 +61,6 @@
 #
 #Path plugin_dir /usr/local/libexec/sudo
 #
 # Sudo developer mode:
 #   Set developer_mode true|false
 #
 # Allow loading of plugins that are owned by non-root or are writable
 # by "group" or "other".  Should only be used during plugin development.
 #Set developer_mode true
 #
 # Core dumps:
 #   Set disable_coredump true|false
--- a/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2
+++ b/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2
@@ -61,14 +61,6 @@ Path noexec /usr/local/libexec/sudo/sudo_noexec.so
 #
 Path plugin_dir /usr/local/libexec/sudo
 #
 # Sudo developer mode:
 #   Set developer_mode true|false
 #
 # Allow loading of plugins that are owned by non-root or are writable
 # by "group" or "other".  Should only be used during plugin development.
 Set developer_mode true
 #
 # Core dumps:
 #   Set disable_coredump true|false
--- a/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3
+++ b/lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3
@@ -66,14 +66,6 @@ Path plugin_dir /usr/local/libexec/sudo
 #
 Path sesh /usr/local/libexec/sudo/sesh
 #
 # Sudo developer mode:
 #   Set developer_mode true|false
 #
 # Allow loading of plugins that are owned by non-root or are writable
 # by "group" or "other".  Should only be used during plugin development.
 Set developer_mode true
 #
 # Core dumps:
 #   Set disable_coredump true|false
--- a/lib/util/regress/fuzz/fuzz_sudo_conf.dict
+++ b/lib/util/regress/fuzz/fuzz_sudo_conf.dict
@@ -12,7 +12,6 @@
 "devsearch"
 # Variables
 "developer_mode"
 "disable_coredump"
 "group_source"
 "max_groups"
--- a/lib/util/regress/sudo_conf/conf_test.c
+++ b/lib/util/regress/sudo_conf/conf_test.c
@@ -89,8 +89,6 @@ sudo_conf_dump(void)
    struct sudo_debug_file *debug_file;
    struct plugin_info *info;
    printf("Set developer_mode %s\n",
 	sudo_conf_developer_mode() ? "true" : "false");
    printf("Set disable_coredump %s\n",
 	sudo_conf_disable_coredump() ? "true" : "false");
    printf("Set group_source %s\n",
--- a/lib/util/regress/sudo_conf/test1.in
+++ b/lib/util/regress/sudo_conf/test1.in
@@ -55,15 +55,6 @@ Path noexec /usr/libexec/sudo_noexec.so
 #
 Set disable_coredump false
 #
 # Developer mode:
 #
 # By default, sudo enforces that each plugin it loads is only modifiable as
 # non root user. This might not be very convenient for plugin development,
 # so this can be disabled by setting "developer_mode" to true.
 #
 Set developer_mode true
 #
 # User groups:
 #
--- a/lib/util/regress/sudo_conf/test1.out.ok
+++ b/lib/util/regress/sudo_conf/test1.out.ok
@@ -1,4 +1,3 @@
 Set developer_mode true
 Set disable_coredump false
 Set group_source static
 Set max_groups -1
--- a/lib/util/regress/sudo_conf/test2.out.ok
+++ b/lib/util/regress/sudo_conf/test2.out.ok
@@ -1,4 +1,3 @@
 Set developer_mode false
 Set disable_coredump true
 Set group_source adaptive
 Set max_groups -1
--- a/lib/util/regress/sudo_conf/test3.out.ok
+++ b/lib/util/regress/sudo_conf/test3.out.ok
@@ -1,4 +1,3 @@
 Set developer_mode false
 Set disable_coredump true
 Set group_source adaptive
 Set max_groups -1
--- a/lib/util/regress/sudo_conf/test4.out.ok
+++ b/lib/util/regress/sudo_conf/test4.out.ok
@@ -1,4 +1,3 @@
 Set developer_mode false
 Set disable_coredump true
 Set group_source adaptive
 Set max_groups -1
--- a/lib/util/regress/sudo_conf/test5.out.ok
+++ b/lib/util/regress/sudo_conf/test5.out.ok
@@ -1,4 +1,3 @@
 Set developer_mode false
 Set disable_coredump true
 Set group_source adaptive
 Set max_groups -1
--- a/lib/util/regress/sudo_conf/test6.out.ok
+++ b/lib/util/regress/sudo_conf/test6.out.ok
@@ -1,4 +1,3 @@
 Set developer_mode false
 Set disable_coredump true
 Set group_source adaptive
 Set max_groups 16
--- a/lib/util/regress/sudo_conf/test7.out.ok
+++ b/lib/util/regress/sudo_conf/test7.out.ok
@@ -1,4 +1,3 @@
 Set developer_mode false
 Set disable_coredump true
 Set group_source adaptive
 Set max_groups -1
--- a/lib/util/regress/sudo_conf/test8.err.ok
+++ b/lib/util/regress/sudo_conf/test8.err.ok
@@ -1 +0,0 @@
 conf_test: invalid value for developer_mode "foo" in regress/sudo_conf/test8.in, line 1
--- a/lib/util/regress/sudo_conf/test8.in
+++ b/lib/util/regress/sudo_conf/test8.in
@@ -1 +0,0 @@
 Set developer_mode foo
--- a/lib/util/regress/sudo_conf/test8.out.ok
+++ b/lib/util/regress/sudo_conf/test8.out.ok
@@ -1,4 +0,0 @@
 Set developer_mode false
 Set disable_coredump true
 Set group_source adaptive
 Set max_groups -1
--- a/lib/util/sudo_conf.c
+++ b/lib/util/sudo_conf.c
@@ -74,7 +74,6 @@ struct sudo_conf_path_table {
 struct sudo_conf_settings {
    bool updated;
    bool developer_mode;
    bool disable_coredump;
    bool probe_interfaces;
    int group_source;
@@ -94,14 +93,12 @@ static struct sudo_conf_table sudo_conf_table[] = {
    { NULL }
 };
 static int set_var_developer_mode(const char *entry, const char *conf_file, unsigned int);
 static int set_var_disable_coredump(const char *entry, const char *conf_file, unsigned int);
 static int set_var_group_source(const char *entry, const char *conf_file, unsigned int);
 static int set_var_max_groups(const char *entry, const char *conf_file, unsigned int);
 static int set_var_probe_interfaces(const char *entry, const char *conf_file, unsigned int);
 static struct sudo_conf_table sudo_conf_var_table[] = {
    { "developer_mode", sizeof("developer_mode") - 1, set_var_developer_mode },
    { "disable_coredump", sizeof("disable_coredump") - 1, set_var_disable_coredump },
    { "group_source", sizeof("group_source") - 1, set_var_group_source },
    { "max_groups", sizeof("max_groups") - 1, set_var_max_groups },
@@ -140,7 +137,6 @@ static struct sudo_conf_table sudo_conf_var_table[] = {
 #define SUDO_CONF_SETTINGS_INITIALIZER	{				\
    false,			/* updated */				\
    false,			/* developer_mode */			\
    true,			/* disable_coredump */			\
    true,			/* probe_interfaces */			\
    GROUP_SOURCE_DEFAULT,	/* group_source */			\
@@ -393,22 +389,6 @@ oom:
    debug_return_int(-1);
 }
 static int
 set_var_developer_mode(const char *strval, const char *conf_file,
    unsigned int lineno)
 {
    int val = sudo_strtobool(strval);
    debug_decl(set_var_developer_mode, SUDO_DEBUG_UTIL);
    if (val == -1) {
        sudo_warnx(U_("invalid value for %s \"%s\" in %s, line %u"),
            "developer_mode", strval, conf_file, lineno);
        debug_return_bool(false);
    }
    sudo_conf_data.settings.developer_mode = val;
    debug_return_bool(true);
 }
 static int
 set_var_disable_coredump(const char *strval, const char *conf_file,
    unsigned int lineno)
@@ -569,7 +549,8 @@ sudo_conf_debug_files_v1(const char *progname)
 bool
 sudo_conf_developer_mode_v1(void)
 {
-    return sudo_conf_data.settings.developer_mode;
+    /* Developer mode was removed in sudo 1.9.13. */
    return false;
 }
 bool
		`@@ -1 +0,0 @@`
			`conf_test: invalid value for developer_mode "foo" in regress/sudo_conf/test8.in, line 1`