On Thu, Feb 11, 2021 at 08:32:19PM -0500, "[email protected]" <[email protected]> wrote:
> Hello all! > > The recently discovered vulnerability in sudo is making me nervous > about my old systems. This may be unreasonable, as these systems have > plenty of other vulnerabilities and I behave accordingly. However, > sudo just seems like such a vital component, and this exploit > particularly bad. > > It doesn't look like MacPorts sudo has any dependencies, so how > terrible of an idea would it be to just plop it in /usr/bin/? Do any > obvious pitfalls come to mind, perhaps around configuration file > paths? (I also of course realize this would be totally "unsupported", > whatever that really means under the circumstances... 🙂) > > I could also just wait for Apple's next open source drop, and see if > their patched sudo can be compiled to target older systems... better > idea? Just a personal opinion, but if you are the only person using your mac, and hence the only person likely to use sudo, I'd recommend leaving the system version alone, and just make sure that you only use the latest version via macports, by setting up your path and/or shell aliases accordingly. Unless you've set set them up yourself, there are probably no automated uses of sudo that you would need to worry about. But I am just assuming that. If you want to change the system version anyway, I'd suggest renaming it, and then creating a symlink in its place that refers to the macports version, then keep an eye out for any problems. You will probably need to temporarily disable SIP in order to do that. cheers, raf
