[sudo-users] sudo update for older OS X versions available
Kyle J. McKay
mackyle at gmail.com
Fri Nov 22 17:17:57 MST 2013
On Nov 22, 2013, at 12:59, Todd C. Miller wrote:
> It's unfortunate that Apple chooses not to update to sudo 1.8.x.
> They are the only vendor still shipping 1.7.x for new releases as
> far as I know. I don't know why they choose to not ship sudoedit
> and sudoreplay--that seems short-sighted. I suppose they assume
> people only use sudo as a way to have unlimited root access.
I agree with you. But the mind of apple is somewhat inscrutable at
the best of times.
> Thanks for breaking down the various patches. It's unfortunate
> that Apple doesn't bother to send potential fixes upstream. In
> case you are curious:
> This is due to libdispatch having file descriptors open even
> when grand central dispatch is not in use. Closing the libdispatch
> descriptors will cause a crash when executing the command. A
> similar Apple-specific change is already in sudo 1.8.x.
Thanks for the info. I presume that's rdar 6497333 based on the patch
I culled from opensource.apple.com, but that is, of course, unhelpful
to those of us outside apple without rdar access (and it doesn't seem
to be posted to openradar).
> This may be due to a bug in xnu, the Mac OS X kernel that I
> reported in May of 2010. Apple's bug database is not public
> but I made a copy of the report here:
Interesting. But that behavior doesn't seem to violate the spec. for
read . Although if SA_RESTART is set for the signal it would
likely violate the spec. for sigaction . Since the current cat.c
source  does not appear to use SA_RESTART, the example that
produces "cat: stdin: Interrupted system call" does not, strictly
speaking, look to me like a bug according to the applicable
standards. But, as you point out, that may be surprising compared to
> This patch is dangerous because it could lead to an infinite
> loop if sudo is not the foreground process.
Hmmm. On OS X the default action for SIGTTOU (presumably that's the
signal in question here ) is to stop the process and that seems to
be consistent with the standard . So I think the process would
just suspend until it was brought back to the foreground wouldn't it?
I wonder if the bash sequence: 'sudo -k; sudo pwd& fg %1' fails to
prompt correctly without this fix. (Here 'pwd' is standing in for
some command where this is a "doh, I meant to use sudo -b instead of
> You might want take a look at the mkpkg script included with sudo.
> It will build .pkg files installable on a Mac. By default it builds
> newer style flat packages but the pp script also supports older
> style package bundles if you need it to.
Thanks for the pointer. I was thinking there was unlikely to be much
interest in this update and considering the potential for malware
abuse an installer package that replaces sudo could do, I thought it
was best left as a fetch-the-source, build and sudo-make-install
exercise for those that feel they really need it. So, in the absence
of a crowd of clamoring supplicants :), I don't have any plans to post
an installer (especially since different-binary-based-on-destination-
os-x-version installers like I did for fakeroot  are a real PITA to
set up initially).
More information about the sudo-users