Replacing system sudo with MacPorts sudo?
raf
macports at raf.org
Fri Feb 12 07:16:25 UTC 2021
On Thu, Feb 11, 2021 at 08:32:19PM -0500, "Wowfunhappy at gmail.com" <wowfunhappy at gmail.com> wrote:
> Hello all!
>
> The recently discovered vulnerability in sudo is making me nervous
> about my old systems. This may be unreasonable, as these systems have
> plenty of other vulnerabilities and I behave accordingly. However,
> sudo just seems like such a vital component, and this exploit
> particularly bad.
>
> It doesn't look like MacPorts sudo has any dependencies, so how
> terrible of an idea would it be to just plop it in /usr/bin/? Do any
> obvious pitfalls come to mind, perhaps around configuration file
> paths? (I also of course realize this would be totally "unsupported",
> whatever that really means under the circumstances... 🙂)
>
> I could also just wait for Apple's next open source drop, and see if
> their patched sudo can be compiled to target older systems... better
> idea?
Just a personal opinion, but if you are the only person
using your mac, and hence the only person likely to use
sudo, I'd recommend leaving the system version alone,
and just make sure that you only use the latest version
via macports, by setting up your path and/or shell
aliases accordingly.
Unless you've set set them up yourself, there are
probably no automated uses of sudo that you would need
to worry about. But I am just assuming that.
If you want to change the system version anyway, I'd
suggest renaming it, and then creating a symlink in its
place that refers to the macports version, then keep an
eye out for any problems. You will probably need to
temporarily disable SIP in order to do that.
cheers,
raf
More information about the macports-users
mailing list