Insufficient privileges?

John B Brown jbb at vcn.com
Fri Apr 29 14:33:51 PDT 2011


Dear Bayard,

	Current Apple version.h source; "static const char version[] = "1.7.0";"

	Current sudo.ws source;

"jbb at pinball:~
(71): % sudo -V
Sudo version 1.8.1p1
Sudoers policy plugin version 1.8.1p1
Sudoers file grammar version 40
Sudoers I/O plugin version 1.8.1p1
jbb at pinball:~
(72): % "

	Of course that Apple version.h file is a little out of date even for the 
current Apple sudo distributed during the update process. Very sloppy!

	Needless to say, I do not have much confidence in Apple's open source. It took 
them over half a year to remove buggy sudo source code once the bugs were revealed.

Bayard Bell wrote:
> On 29 Apr 2011, at 17:09, John B Brown wrote:
> 
>> 	The key being 'what Apple list[s]', but not the code.
> 
> Actually, that list is from the source, which you can find at
> 
> http://opensource.apple.com/source/sudo/sudo-46/
> 
>> 	Do you have a URL for Apple's 'open source?' I don't, so please send me a copy of that URL. Apple updates do not come from MacPorts sites. I already have copies of sudo source from MacPorts. A straight compile of MacPorts source gives me a 'bent' sudo executable. At 78, I don't have time for proprietary source search games; hiking the mountains is so much more satisfying.
> 
> See above. There's no need for scare quotes around the words open source in this case, and you'll have a lot more time to hike mountains if you find and review the source as opposed to getting into minor surgery because of speculations about changes made by Apple. If you want an easy way to fetch the code for a given OS X release and view it locally, see
> 
> http://darwinbuild.macosforge.org/
> 
> This tool is also available via MacPorts IIRC.
> 
>> Bayard Bell wrote:
> 
>>> If you think you can keep all your windows open on your ground-floor home because you've got three locks on the front door and a three-foot tall fence around your garden, that is absolutely your decision, but it's not unreasonable on a list like this to point out that it makes for considerable security risks that others may not wish to accept.
>> 	EMFs are NOT doors or windows or fences.
> 
> I've explained the reasonable use case for something like NOPASSWD, and you've not come back with something resembling "science." Nevertheless, I'm happy to explain why the analogy is apt.
> 
> Firewalls allow some enforcement of protocol access policies, and their ability to deliver even that much varies considerably from completely effective given the prevalence of protocol and object tunnelling, which are facets of a general problem of not keeping up with application-level content inspection because of the difficulty of maintaining throughput and minimising latency. As stack overflows against IP stacks and server code have become less prevalent, attackers have shifted extensively toward client-side exploitation and attacks on web applications, moving much of the defensive efforts towards various forms of sandboxing so that attacks against browsers in particular can be contained. Nevertheless, it was three years on the trot that Charlie Miller managed to break into a fully patched OS X system via Safari, where at least two years of that involved using the same script to identify exploits (he didn't get to break OS X through Safari this year because a Dutch team got to go first and succeeded, so he had to settle for breaking iOS).
> 
> Despite progress (and some promising signs about Lion), OS X has remained behind on client-side defence because of partial implementation of memory protection measures, so I don't rest easy because of the number of firewalls between my Mac and the Internet because they're a security measure that's on a different plane than most attack vectors, which are furthermore designed to traverse most firewalls.
> 
> Cheers,
> Bayard



	Shalom,

	John B. Brown.
	[jbb at vcn.com]
	358 High Street,
	Buffalo, Wyoming
	82834

"Freedom is not worth having if it does not include
the freedom to make mistakes"  Mahatma Gandhi
"There was never a good war, or a bad peace."
Benjamin Franklin
"I wonder whether the world is being run
by smart people who are putting us on
or by imbeciles who really mean it."  Mark Twain

1-307-684-9068


More information about the macports-users mailing list