[sudo-users] sudo update for older OS X versions available

Todd C. Miller Todd.Miller at courtesan.com
Fri Nov 22 13:59:57 MST 2013


It's unfortunate that Apple chooses not to update to sudo 1.8.x.
They are the only vendor still shipping 1.7.x for new releases as
far as I know.  I don't know why they choose to not ship sudoedit
and sudoreplay--that seems short-sighted.  I suppose they assume
people only use sudo as a way to have unlimited root access.

Thanks for breaking down the various patches.  It's unfortunate
that Apple doesn't bother to send potential fixes upstream.  In
case you are curious:

0009-Do-not-close-fds-on-OS-X.patch.txt

    This is due to libdispatch having file descriptors open even
    when grand central dispatch is not in use.  Closing the libdispatch
    descriptors will cause a crash when executing the command.  A
    similar Apple-specific change is already in sudo 1.8.x.

0010-Handle-EINTR-when-calling-tcsetattr.patch.txt

    This may be due to a bug in xnu, the Mac OS X kernel that I
    reported in May of 2010.  Apple's bug database is not public
    but I made a copy of the report here:
	http://openradar.appspot.com/radar?id=6402578615107584
    This patch is dangerous because it could lead to an infinite
    loop if sudo is not the foreground process.

You might want to take a look at the mkpkg script included with sudo.
It will build .pkg files installable on a Mac.  By default it builds
newer style flat packages but the pp script also supports older
style package bundles if you need it to.

 - todd

