Dear Bayard,

        Current Apple version.h source; "static const char version[] = "1.7.0";"

        Current sudo.ws source;

"jbb@pinball:~
(71): % sudo -V
Sudo version 1.8.1p1
Sudoers policy plugin version 1.8.1p1
Sudoers file grammar version 40
Sudoers I/O plugin version 1.8.1p1
jbb@pinball:~
(72): % "

Of course that Apple version.h file is a little out of date even for the current Apple sudo distributed during the update process. Very sloppy!

Needless to say, I do not have much confidence in Apple's open source. It took them over half a year to remove buggy sudo source code once the bugs were revealed.

Bayard Bell wrote:
On 29 Apr 2011, at 17:09, John B Brown wrote:

        The key being 'what Apple list[s]', but not the code.

Actually, that list is from the source, which you can find at

http://opensource.apple.com/source/sudo/sudo-46/

        Do you have a URL for Apple's 'open source?' I don't, so please send
me a copy of that URL. Apple updates do not come from MacPorts sites. I already 
have copies of sudo source from MacPorts. A straight compile of MacPorts source 
gives me a 'bent' sudo executable. At 78, I don't have time for proprietary 
source search games; hiking the mountains is so much more satisfying.

See above. There's no need for scare quotes around the words open source in 
this case, and you'll have a lot more time to hike mountains if you find and 
review the source as opposed to getting into minor surgery because of 
speculations about changes made by Apple. If you want an easy way to fetch the 
code for a given OS X release and view it locally, see

http://darwinbuild.macosforge.org/

This tool is also available via MacPorts IIRC.

Bayard Bell wrote:

If you think you can keep all your windows open on your ground-floor home 
because you've got three locks on the front door and a three-foot tall fence 
around your garden, that is absolutely your decision, but it's not unreasonable 
on a list like this to point out that it makes for considerable security risks 
that others may not wish to accept.
        EMFs are NOT doors or windows or fences.

I've explained the reasonable use case for something like NOPASSWD, and you've not come 
back with something resembling "science." Nevertheless, I'm happy to explain 
why the analogy is apt.

Firewalls allow some enforcement of protocol access policies, and their ability to deliver even that much varies considerably from completely effective given the prevalence of protocol and object tunnelling, which are facets of a general problem of not keeping up with application-level content inspection because of the difficulty of maintaining throughput and minimising latency. As stack overflows against IP stacks and server code have become less prevalent, attackers have shifted extensively toward client-side exploitation and attacks on web applications, moving much of the defensive efforts towards various forms of sandboxing so that attacks against browsers in particular can be contained. Nevertheless, it was three years on the trot that Charlie Miller managed to break into a fully patched OS X system via Safari, where at least two years of that involved using the same script to identify exploits (he didn't get to break OS X through Safari this year because a Dutch team
got to go first and succeeded, so he had to settle for breaking iOS).

Despite progress (and some promising signs about Lion), OS X has remained 
behind on client-side defence because of partial implementation of memory 
protection measures, so I don't rest easy because of the number of firewalls 
between my Mac and the Internet because they're a security measure that's on a 
different plane than most attack vectors, which are furthermore designed to 
traverse most firewalls.

Cheers,
Bayard



        Shalom,

        John B. Brown.
        [[email protected]]
        358 High Street,
        Buffalo, Wyoming
        82834

"Freedom is not worth having if it does not include
the freedom to make mistakes"  Mahatma Gandhi
"There was never a good war, or a bad peace."
Benjamin Franklin
"I wonder whether the world is being run
by smart people who are putting us on
or by imbeciles who really mean it."  Mark Twain

1-307-684-9068
_______________________________________________
macports-users mailing list
[email protected]
http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
