Do you use sudo?

If you regularly use sudo, and you’re running OS X like me, you might want to take a look at this security advisory detailed in the BugTraq mailing list archives up on the SecurityFocus website. The issue isn’t a big one, but as fixes are readily available, it would be daft to ignore it:

OSX can be root compromised by a trojan application. The trojan application does not require explicit user authentication to elevate its privileges to root, nor does the root account need to be enabled. The Trojan application must be run from an account that is in the admin group, which is the default for the first account created and the context in which most users run. Once executed, the trojan application must only wait until the user leverages the sudo utility, either at the command line or by another application that leverages sudo to elevate its privileges.

Basically, once you've entered your password, sudo by default allows a period of grace during which further operations run without asking for it again. Theoretically, a trojan could take advantage of this, assuming you’re nuts enough to execute such a file. The advisory linked to above tells you how to sort this out using the visudo tool (you’re best off using this rather than firing up see or similar — you don’t want to go hosing your sudoers file!).
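
An added example, not taken from the advisory or this post: a shell check that reads a sudoers file and reports whether the grace period is switched off. It assumes the setting involved is the sudoers option timestamp_timeout (in minutes, 0 meaning prompt every time); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a sudoers file for the
# password grace period, which the sudoers option timestamp_timeout sets
# in minutes (0 = prompt every time, negative = cached ticket never expires).

# Print the last global timestamp_timeout in file $1, or "unset" when the
# file never sets it and sudo's compiled-in default applies.
sudo_grace_minutes() {
    awk '
        /^[ \t]*#/ { next }                       # comments and #include lines
        /^[ \t]*Defaults[ \t]/ {                  # global Defaults only
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, ",")            # options are comma-separated
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t]/, "", o)
                if (o ~ /^timestamp_timeout=-?[0-9]+(\.[0-9]+)?$/) {
                    sub(/^timestamp_timeout=/, "", o)
                    val = o                       # later lines override earlier
                }
            }
        }
        END { if (val == "") print "unset"; else print val }
    ' "$1"
}

# Succeed only when the file makes sudo ask for the password on every call.
sudo_grace_disabled() {
    v=$(sudo_grace_minutes "$1")
    [ "$v" != "unset" ] && awk -v v="$v" 'BEGIN { exit !(v + 0 == 0) }'
}

# Constructed sample files (not real system configuration).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' '# constructed: stock-style file, grace period left at default' \
    'Defaults env_reset' '%admin ALL=(ALL) ALL' > "$SAMPLES/weak"
printf '%s\n' '# constructed: grace period switched off' \
    'Defaults env_reset, timestamp_timeout=0' \
    'Defaults:backup timestamp_timeout=30' \
    '%admin ALL=(ALL) ALL' > "$SAMPLES/fixed"

for f in weak fixed; do
    if sudo_grace_disabled "$SAMPLES/$f"; then s="prompts every time"
    else s="caches the password"; fi
    echo "$f: timestamp_timeout=$(sudo_grace_minutes "$SAMPLES/$f") -> $s"
done
```

To audit a real machine, point the functions at a copy of its sudoers file; included files and backslash line continuations are not followed.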

Note: the mail only talks about OS X. I presume other UNIX variants are OK…
