Replacing system sudo with MacPorts sudo?

Al Varnell alvarnell at mac.com
Fri Feb 12 02:35:33 UTC 2021


On Feb 11, 2021, at 17:32, Wowfunhappy at gmail.com <wowfunhappy at gmail.com> wrote:
> Hello all!
> 
> The recently discovered vulnerability in sudo is making me nervous about my old systems. This may be unreasonable, as these systems have plenty of other vulnerabilities and I behave accordingly. However, sudo just seems like such a vital component, and this exploit particularly bad.

I don't believe that any exploits have been found in-the-wild with regard to this potentially dangerous vulnerability.

> It doesn't look like MacPorts sudo has any dependencies, so how terrible of an idea would it be to just plop it in /usr/bin/? Do any obvious pitfalls come to mind, perhaps around configuration file paths? (I also of course realize this would be totally "unsupported", whatever that really means under the circumstances... 🙂)

I think the only danger would be if there are some macOS dependancies that only Apple knows about and has considered when distributing the recent Mojave, Catalina and Big Sur updates. Not sure why you wouldn't just install it as a MacPorts install to override the one you have in /usr/bin.

> I could also just wait for Apple's next open source drop, and see if their patched sudo can be compiled to target older systems... better idea?

Do you have reason to believe that the patched sudo distributed by Apple is any different from that distributed by the sudo developer?

-Al-

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20210211/8a5e28aa/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4376 bytes
Desc: not available
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20210211/8a5e28aa/attachment.bin>


More information about the macports-users mailing list