mirror of
https://github.com/sshuttle/sshuttle.git
synced 2024-11-21 15:33:23 +01:00
5719d424de
Allowing sshuttle to add/overwrite sudoers configuration file at locations of the users' choosing adds complexity to the code compared to asking users to install the sudo configuration themselves. It requires sshuttle to make decisions about how much effort we put into ensuring that the file is written to a proper location. The current method relies on the 'realpath' program which is not installed on MacOS by default. There are serious problems when the sudo configuration is used to allow a user to *only* run sshuttle as root (with or without a password). First, that user could then use the --sudoers option to give other users sudo privileges. Second, the user can run any command as root because sshuttle accepts a --ssh-cmd parameter which allows a user to specify a program that sshuttle should run. There may also be additional issues that we have not identified. By removing the --sudoers option (and the associated sudoers-add script), this reduces the problems above. This code keeps the --sudoers-no-modify feature which prints a configuration to stdout for the user to install. It includes a clear warning about how --ssh-cmd could potentially be abused to run other programs. A warning about some of these issues has been in sshuttle since version 1.1.0. This commit also adds that warning to more locations in the documentation. |
||
|---|---|---|
| .. | ||
| changes.rst | ||
| chromeos.rst | ||
| conf.py | ||
| how-it-works.rst | ||
| index.rst | ||
| installation.rst | ||
| make.bat | ||
| Makefile | ||
| manpage.rst | ||
| openwrt.rst | ||
| overview.rst | ||
| platform.rst | ||
| requirements.rst | ||
| support.rst | ||
| tproxy.rst | ||
| trivia.rst | ||
| usage.rst | ||
| windows.rst | ||