diff options
author | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-12-26 07:43:55 -0700 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-12-26 07:43:55 -0700 |
commit | 5579a3266577c3d29e74c100e1077fea29770c29 (patch) | |
tree | 583d14f47efab39326c2005fc06ac33909734270 /docs/sudo_plugin_python.man.in | |
parent | 75b347962244068bbd870bdae686178b134eed52 (diff) | |
download | sudo-5579a3266577c3d29e74c100e1077fea29770c29.tar.gz |
Remove developer mode from sudo.conf, it is no longer used.
Diffstat (limited to 'docs/sudo_plugin_python.man.in')
-rw-r--r-- | docs/sudo_plugin_python.man.in | 27 |
1 files changed, 4 insertions, 23 deletions
diff --git a/docs/sudo_plugin_python.man.in b/docs/sudo_plugin_python.man.in index 1d0267bd0..da9c94e05 100644 --- a/docs/sudo_plugin_python.man.in +++ b/docs/sudo_plugin_python.man.in @@ -1882,32 +1882,13 @@ file, \fBsudo\fR will not load the Python interpreter or the Python libraries. .PP -By default, a Python plugin can only import Python modules which are -owned by -\fBroot\fR -and are only writable by the owner. -The reason for this is to prevent a file getting imported accidentally -which is modifiable by a non-root user. As \fBsudo\fR -plugins run as +runs plugins as \fBroot\fR, -accidentally importing such file would make it possible for any user -(having write access) to execute any code with administrative rights. -.PP -However, during development of a plugin this might not be very convenient. -The -sudo.conf(@mansectform@) -\fIdeveloper_mode\fR -option can be used to disable it. -For example: -.RS 6n -Set developer_mode true -.RE -.PP -This creates a security risk and is not recommended for production systems, -it is intended to be used in a development environment (VM, container, etc). -Before enabling developer mode, be sure that you understand the implications. +care must be taken when writing Python plugins to avoid creating +security vulnerabilities, just as one would when writing plugins +in C. .SH "SUPPORT" Limited free support is available via the sudo-users mailing list, see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or |