[sudo-users] sudo update for older OS X versions available
Kyle J. McKay
mackyle at gmail.com
Fri Nov 22 17:17:57 MST 2013
On Nov 22, 2013, at 12:59, Todd C. Miller wrote:
> It's unfortunate that Apple chooses not to update to sudo 1.8.x.
> They are the only vendor still shipping 1.7.x for new releases as
> far as I know. I don't know why they choose to not ship sudoedit
> and sudoreplay--that seems short-sighted. I suppose they assume
> people only use sudo as a way to have unlimited root access.
I agree with you. But the mind of Apple is somewhat inscrutable at
the best of times.
> Thanks for breaking down the various patches. It's unfortunate
> that Apple doesn't bother to send potential fixes upstream. In
> case you are curious:
>
> 0009-Do-not-close-fds-on-OS-X.patch.txt
>
> This is due to libdispatch having file descriptors open even
> when grand central dispatch is not in use. Closing the libdispatch
> descriptors will cause a crash when executing the command. A
> similar Apple-specific change is already in sudo 1.8.x.
Thanks for the info. I presume that's rdar 6497333 based on the patch
I culled from opensource.apple.com, but that is, of course, unhelpful
to those of us outside Apple without rdar access (and it doesn't seem
to be posted to openradar).
> 0010-Handle-EINTR-when-calling-tcsetattr.patch.txt
>
> This may be due to a bug in xnu, the Mac OS X kernel that I
> reported in May of 2010. Apple's bug database is not public
> but I made a copy of the report here:
> http://openradar.appspot.com/radar?id=6402578615107584
Interesting. But that behavior doesn't seem to violate the spec. for
read [1]. Although if SA_RESTART is set for the signal it would
likely violate the spec. for sigaction [2]. Since the current cat.c
source [3] does not appear to use SA_RESTART, the example that
produces "cat: stdin: Interrupted system call" does not, strictly
speaking, look to me like a bug according to the applicable
standards. But, as you point out, that may be surprising compared to
other systems.
> This patch is dangerous because it could lead to an infinite
> loop if sudo is not the foreground process.
Hmmm. On OS X the default action for SIGTTOU (presumably that's the
signal in question here [4]) is to stop the process and that seems to
be consistent with the standard [5]. So I think the process would
just suspend until it was brought back to the foreground, wouldn't it?
I wonder if the bash sequence: 'sudo -k; sudo pwd& fg %1' fails to
prompt correctly without this fix. (Here 'pwd' is standing in for
some command where this is a "doh, I meant to use sudo -b instead of
&" moment.)
> You might want to take a look at the mkpkg script included with sudo.
> It will build .pkg files installable on a Mac. By default it builds
> newer style flat packages but the pp script also supports older
> style package bundles if you need it to.
Thanks for the pointer. I was thinking there was unlikely to be much
interest in this update and considering the potential for malware
abuse an installer package that replaces sudo could do, I thought it
was best left as a fetch-the-source, build and sudo-make-install
exercise for those that feel they really need it. So, in the absence
of a crowd of clamoring supplicants :), I don't have any plans to post
an installer (especially since different-binary-based-on-destination-
os-x-version installers like I did for fakeroot [6] are a real PITA to
set up initially).
[1] http://pubs.opengroup.org/onlinepubs/000095399/functions/read.html
[2] http://pubs.opengroup.org/onlinepubs/9699919799/functions/sigaction.html
[3] http://www.opensource.apple.com/source/text_cmds/text_cmds-87/cat/cat.c
[4] http://pubs.opengroup.org/onlinepubs/009695299/functions/tcsetattr.html
[5] http://pubs.opengroup.org/onlinepubs/009696799/xrat/xsh_chap02.html#tag_03_02_04_04
[6] http://mackyle.github.io/fakeroot/
Kyle