From e9fcd22af058ad0df02ff8324af2db249be38e4d Mon Sep 17 00:00:00 2001
From: YuviPanda <yuvipanda@gmail.com>
Date: Wed, 26 Jan 2022 22:52:15 +0530
Subject: [PATCH] Disable user sudo by default

Protects against vulnerabilities such as
https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/
or the previous sudo vulnerability.

Equivalent of https://github.com/jupyterhub/kubespawner/pull/545

This should be counted as a braking change.
---
 systemdspawner/systemdspawner.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systemdspawner/systemdspawner.py b/systemdspawner/systemdspawner.py
index dbb4453..f5a0f24 100644
--- a/systemdspawner/systemdspawner.py
+++ b/systemdspawner/systemdspawner.py
@@ -78,7 +78,7 @@ class SystemdSpawner(Spawner):
     ).tag(config=True)
 
     disable_user_sudo = Bool(
-        False,
+        True,
         help="""
         Set to true to disallow becoming root (or any other user) via sudo or other means from inside the notebook
         """,