seven1m/onebody

security risk

masukomi opened this issue · 1 comment

In your app.yml it says:

sudo: ['ALL=(ALL) NOPASSWD:ALL']

If that is actually editing the sudoers file, then I think you've opened up a huge security hole, in that anyone can now become root without needing a password.

I think it might be possible to reduce that. I’ll see what I can do.

To be clear though, a user would still need to log into the machine. The installer assumes you are not creating other users on your Digital Ocean VPS instance.
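
As an added example (not part of the original thread or the onebody project), a small Python check that parses sudoers rule strings such as the one quoted from app.yml and flags any that apply NOPASSWD to ALL commands. It assumes one host spec per rule with no aliases or line continuations; the function names and the narrowed sample rule are hypothetical.

```python
import re

RUNAS_RE = re.compile(r'^\([^)]*\)\s*')                    # leading "(user:group)"
TAG_RE = re.compile(r'^(?P<tag>[A-Z_]+)\s*:\s*(?P<rest>.*)$')  # "NOPASSWD: cmd"
COMMA_OUTSIDE_PARENS = re.compile(r',(?![^(]*\))')


def passwordless_commands(rule):
    """Return the commands a sudoers rule allows without a password.

    `rule` is the text after the user name, e.g. 'ALL=(ALL) NOPASSWD:ALL'.
    Simplification (assumption): a single host spec, no aliases.
    """
    _host, sep, spec = rule.partition("=")
    if not sep or not spec.strip():
        raise ValueError(f"not a sudoers rule: {rule!r}")
    nopasswd = False  # sudo prompts for a password unless NOPASSWD is set
    found = []
    for item in COMMA_OUTSIDE_PARENS.split(spec):
        item = RUNAS_RE.sub("", item.strip(), count=1)
        # Tags are sticky: they carry over to later commands until overridden.
        while (m := TAG_RE.match(item)):
            if m["tag"] == "NOPASSWD":
                nopasswd = True
            elif m["tag"] == "PASSWD":
                nopasswd = False
            item = m["rest"].strip()
        if nopasswd and item:
            found.append(item)
    return found


def grants_passwordless_all(rule):
    """True when NOPASSWD applies to the ALL command set (any runas user)."""
    return "ALL" in passwordless_commands(rule)


def audit(rules):
    """Return the rules from a list that should be narrowed."""
    return [r for r in rules if grants_passwordless_all(r)]


if __name__ == "__main__":
    sample = [
        "ALL=(ALL) NOPASSWD:ALL",  # the rule quoted in the issue
        # constructed, hypothetical narrowed rule:
        "ALL=(root) NOPASSWD: /usr/bin/systemctl restart example.service",
    ]
    for rule in audit(sample):
        print("unrestricted passwordless sudo:", rule)
```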