[sudo-users] sudo update for older OS X versions available
Todd C. Miller
Todd.Miller at courtesan.com
Fri Nov 22 13:59:57 MST 2013
It's unfortunate that Apple chooses not to update to sudo 1.8.x.
They are the only vendor still shipping 1.7.x for new releases as
far as I know. I don't know why they choose to not ship sudoedit
and sudoreplay--that seems short-sighted. I suppose they assume
people only use sudo as a way to have unlimited root access.
Thanks for breaking down the various patches. It's unfortunate
that Apple doesn't bother to send potential fixes upstream. In
case you are curious:
0009-Do-not-close-fds-on-OS-X.patch.txt
This is due to libdispatch having file descriptors open even
when grand central dispatch is not in use. Closing the libdispatch
descriptors will cause a crash when executing the command. A
similar Apple-specific change is already in sudo 1.8.x.
0010-Handle-EINTR-when-calling-tcsetattr.patch.txt
This may be due to a bug in xnu, the Mac OS X kernel that I
reported in May of 2010. Apple's bug database is not public
but I made a copy of the report here:
http://openradar.appspot.com/radar?id=6402578615107584
This patch is dangerous because it could lead to an infinite
loop if sudo is not the foreground process.
You might want take a look at the mkpkg script included with sudo.
It will build .pkg files installable on a Mac. By default it builds
newer style flat packages but the pp script also supports older
style package bundles if you need it to.
- todd
More information about the sudo-users
mailing list