SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Sudo for Mac OS X has been found vulnerable to buffer overflows

Posted on June 2, 2001

What is sudo?

Sudo (superuser do) is a piece of software that allows a system admin to give certain users/groups the ability to run commands as root or another user

Sudo is available with most all unix based operating systems including Mac OS X.

The Problem

On 4.23.2K1 FreeBSD, Inc. released a security advisory warning users that all version of sudo prior to version contains a local command-line buffer overflow allowing a local user to potentially gain increased privileges on the local system.

Mac OS X 10.0.4 DOES included a fixed version of sudo – so make sure you update Mac OS X, alternative choice: The authors of sudo have released a patch, and with the freedom of open source Scott Anguish has created a Mac OS X custom installation application to fix sudo.

Download Fix:

Sudo Upgrade Installer for Mac OS X by Scott Anguish

Building sudo

If you choose not to use the packaged installation above and you choose to build sudo yourself you must have the developers tools installed!

Scott Anguish has written full instructions and documentation how to fix and build sudo, read it @ Stepwise website!

Please make sure you notice that in Mac OS X 10.0.2 it does not include a fixed version of sudo so you must apply changes yourself.

Join our mailing list for the latest security news and deals