Security alert for 'sudo'

May 01, '01 11:48:47AM

Contributed by: robg

Today over at stepwise.com, they posted an article explaining a buffer overrun security hole in 'sudo', which is included with OS X. After you've read the article, you can either download an updated sudo installer, or build it yourself by doing the following in a terminal window (requires an admin account and the developer tools installed):

mkdir build-sudo
cd build-sudo
wget http://www.courtesan.com/sudo/dist/sudo-1.6.3p7.tar.gz
gnutar -xzf sudo-1.6.3p7.tar.gz
cd sudo-1.6.3p7
cp /usr/libexec/config.* ./
./configure --with-password-timeout=0
--mandir=/usr/share/man
--prefix=/usr
make
sudo make install
This update is highly recommended for all users, but especially those with a full-time internet connection and no firewall! ;-)

Comments (4)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20010501114847108