Document supybot.commands.allowShell.

Valentin Lorentz 2018-02-04 12:07:15 +01:00
parent dfad42bc1c
commit 1af914e452

use/security.rst Normal file → Executable file

@ -18,8 +18,8 @@ their bot as secure as possible.
Trust in network operators Trust in network operators
========================== ==========================
As you may know, it is possible to do anything from IRC, including loading As you may know, by default, it is possible to do anything from IRC, including
the Unix plugin and using the `@call` command. loading the Unix plugin and using the `@call` command.
The only safeguard is checking the user calling the commands is authenticated The only safeguard is checking the user calling the commands is authenticated
as the owner of the bot; and network operators are able to spoof hostmasks as the owner of the bot; and network operators are able to spoof hostmasks
and collect your password, thus allowing them to execute commands as the and collect your password, thus allowing them to execute commands as the
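Review bot: The unchanged sentence "The only safeguard is checking the user calling the commands is authenticated as the owner of the bot" now sits right after the reworded opening, and it no longer fits a page that goes on to document a second safeguard. Consider qualifying it the same way as the first sentence, for example "By default, the only safeguard is ...", so the section does not contradict the paragraph added further down. Separately, the file header shows use/security.rst changing from "Normal file" to "Executable file"; a documentation source does not need the executable bit, so that mode change looks accidental and should be dropped from the commit.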
@ -28,6 +28,15 @@ owner.
Although network operators of most well-known IRC networks are not known to Although network operators of most well-known IRC networks are not known to
do that, you should be aware of that risk. do that, you should be aware of that risk.
Starting on commit `4f6a5e7db`_ (version 2017.10.01), there is a new
configuration variable, `supybot.commands.allowShell`, to prevent malicious
network operators from getting shell access on your bot's computer.
It defaults to `True` to make it easy for new users to install plugins using
PluginDownloader, but it is recommended you set it to `False` if you do not
care about that feature.
.. _4f6a5e7db: https://github.com/ProgVal/Limnoria/commit/4f6a5e7db
.. _security-ssl: .. _security-ssl:
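Review bot: The new paragraph does not say how `supybot.commands.allowShell` is changed or whether it can be changed from IRC, and that matters here because the threat described just above is someone who can already run commands as the owner. If the value could be flipped back to `True` over IRC the setting would protect nothing, so the text should state where it has to be set and that an owner session on IRC cannot re-enable it, if that is the case. It would also help to say what exactly stops working when it is `False`; the only hint is "install plugins using PluginDownloader", while the section opens with the Unix plugin and `@call`. Minor wording: "Starting on commit" reads better as "Starting with commit".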
@ -59,7 +68,7 @@ Certificate validation in Limnoria
Until version 2016.02.24, Limnoria did not support certificate validation. Until version 2016.02.24, Limnoria did not support certificate validation.
Starting from this version, it is possible, but disabled by default, in order Starting from this version, it is possible, but disabled by default, in order
to not break existing bot when updating. to not break existing bots when updating.
Certificate validation can be enabled using this command:: Certificate validation can be enabled using this command::
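Review bot: The "existing bot" to "existing bots" fix in the certificate validation paragraph is correct but unrelated to the commit subject, "Document supybot.commands.allowShell." Either mention the typo fix in the commit message or move it to its own commit so the history for the allowShell documentation stays focused.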