From 4f7b0a6280ab17e1ccfd4aa603cdd647e92ac12b Mon Sep 17 00:00:00 2001
From: Jeremy Stanley
Date: Sun, 4 Oct 2020 15:11:58 +0000
Subject: [PATCH] Add warnings about debugging mode

Debugging mode is intended to enable administrative commands which are especially unsafe and could even be used to run arbitrary shell commands or alter files accessible to the user under which the service runs. Log a warning about it at startup if the option has been set, and insert some comments to that effect in the sample configuration so that hopefully no one will turn it on without due forethought. Also add a mention about its risks in the config doc.
---
 doc/source/configuration.rst | 5 ++++-
 etc/mudpy.yaml | 3 +++
 mudpy/misc.py | 2 ++
 mudpy/tests/fixtures/test_daemon.yaml | 3 +++
 4 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index d0001fc..2ced5c2 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -173,7 +173,10 @@ Example::
 bool, optional Whether unsafe debugging functionality is enabled. If unspecified or
-set to false, unsafe debugging functions will be disabled.
+set to false, unsafe debugging functions will be disabled. Be very
+careful enabling this feature, as debugging commands may allow service
+administrators to run arbitrary shell commands or modify files
+accessible to the system user underwhich the service is running.
 Example::
diff --git a/etc/mudpy.yaml b/etc/mudpy.yaml
index 8c413a3..7fc5b67 100644
--- a/etc/mudpy.yaml
+++ b/etc/mudpy.yaml
@@ -48,6 +48,9 @@ _lock: true
 - admin
 .mudpy.limit.avatars: 7
 # .mudpy.limit.backups: 10
+# Debugging commands are dangerous, and may result in granting
+# administrative users access to the system account under which the
+# service runs. Be very sure you trust your admins before enabling!
 # .mudpy.limit.debug: true
 .mudpy.limit.password_tries: 3
diff --git a/mudpy/misc.py b/mudpy/misc.py
index 3968039..e9845d5 100644
--- a/mudpy/misc.py
+++ b/mudpy/misc.py
@@ -2121,6 +2121,8 @@ def setup():
 log("Running version: %s" % universe.versions.version, 1)
 log("Initial directory: %s" % universe.startdir, 1)
 log("Command line: %s" % " ".join(sys.argv), 1)
+ if universe.debug_mode():
+ log("WARNING: Unsafe debugging mode is enabled!", 6)
 # pass the initialized universe back
 return universe
diff --git a/mudpy/tests/fixtures/test_daemon.yaml b/mudpy/tests/fixtures/test_daemon.yaml
index 3a7f8e1..318967a 100644
--- a/mudpy/tests/fixtures/test_daemon.yaml
+++ b/mudpy/tests/fixtures/test_daemon.yaml
@@ -49,6 +49,9 @@ _lock: true
 - admin
 .mudpy.limit.avatars: 7
 .mudpy.limit.backups: 3
+# Debugging commands are dangerous, and may result in granting
+# administrative users access to the system account under which the
+# service runs. Be very sure you trust your admins before enabling!
 # .mudpy.limit.debug: true
 .mudpy.limit.password_tries: 3
--
2.11.0
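Review bot: The warning added to `setup()` in mudpy/misc.py does not name the setting that switched debugging on, so an operator who spots it in the log still has to know that `.mudpy.limit.debug` is the option to unset. Naming it in the message would make the line actionable, e.g. `log("WARNING: Unsafe debugging mode is enabled (.mudpy.limit.debug is set)!", 6)`. The check also runs only once, at startup. If the configuration can be reloaded or the option changed while the service is running (not visible in this hunk), debugging could be turned on later with no log entry, so the same warning may belong on that path too. The severity `6` differs from the `1` used by the neighbouring startup messages and would benefit from a one-line comment stating what that level means; `setup()` begins outside the hunk.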