From 4f7b0a6280ab17e1ccfd4aa603cdd647e92ac12b Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Sun, 4 Oct 2020 15:11:58 +0000
Subject: [PATCH] Add warnings about debugging mode

Debugging mode is intended to enable administrative commands which
are especially unsafe and could even be used to run arbitrary shell
commands or alter files accessible to the user under which the
service runs. Log a warning about it at startup if the option has
been set, and insert some comments to that effect in the sample
configuration so that hopefully no one will turn it on without due
forethought. Also add a mention about its risks in the config doc.
---
 doc/source/configuration.rst          | 5 ++++-
 etc/mudpy.yaml                        | 3 +++
 mudpy/misc.py                         | 2 ++
 mudpy/tests/fixtures/test_daemon.yaml | 3 +++
 4 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index d0001fc..2ced5c2 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -173,7 +173,10 @@ Example::
 bool, optional
 
 Whether unsafe debugging functionality is enabled. If unspecified or
-set to false, unsafe debugging functions will be disabled.
+set to false, unsafe debugging functions will be disabled. Be very
+careful enabling this feature, as debugging commands may allow service
+administrators to run arbitrary shell commands or modify files
+accessible to the system user underwhich the service is running.
 
 Example::
 
diff --git a/etc/mudpy.yaml b/etc/mudpy.yaml
index 8c413a3..7fc5b67 100644
--- a/etc/mudpy.yaml
+++ b/etc/mudpy.yaml
@@ -48,6 +48,9 @@ _lock: true
     - admin
 .mudpy.limit.avatars: 7
 # .mudpy.limit.backups: 10
+# Debugging commands are dangerous, and may result in granting
+# administrative users access to the system account under which the
+# service runs. Be very sure you trust your admins before enabling!
 # .mudpy.limit.debug: true
 .mudpy.limit.password_tries: 3
 
diff --git a/mudpy/misc.py b/mudpy/misc.py
index 3968039..e9845d5 100644
--- a/mudpy/misc.py
+++ b/mudpy/misc.py
@@ -2121,6 +2121,8 @@ def setup():
     log("Running version: %s" % universe.versions.version, 1)
     log("Initial directory: %s" % universe.startdir, 1)
     log("Command line: %s" % " ".join(sys.argv), 1)
+    if universe.debug_mode():
+        log("WARNING: Unsafe debugging mode is enabled!", 6)
 
     # pass the initialized universe back
     return universe
diff --git a/mudpy/tests/fixtures/test_daemon.yaml b/mudpy/tests/fixtures/test_daemon.yaml
index 3a7f8e1..318967a 100644
--- a/mudpy/tests/fixtures/test_daemon.yaml
+++ b/mudpy/tests/fixtures/test_daemon.yaml
@@ -49,6 +49,9 @@ _lock: true
     - admin
 .mudpy.limit.avatars: 7
 .mudpy.limit.backups: 3
+# Debugging commands are dangerous, and may result in granting
+# administrative users access to the system account under which the
+# service runs. Be very sure you trust your admins before enabling!
 # .mudpy.limit.debug: true
 .mudpy.limit.password_tries: 3
 
-- 
2.11.0