Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#54958 closed defect (fixed)

sudo: no sticky bit on high sierra

Reported by: danchr (Dan Villiom Podlaski Christiansen) Owned by: Schamschula (Marius Schamschula)
Priority: Normal Milestone:
Component: ports Version: 2.4.99
Keywords: highsierra Cc: ryandesign (Ryan Carsten Schmidt)
Port: sudo

Description

I just upgraded my Mac to High Sierra, and during the rebuild afterwards sudo was built to a non-functioning state. Specifically, everthing built, but /opt/local/bin/sudo had no setuid bit, leaving functionality somewhat reduced.

I run MacPorts from the master branch, so that might also be the cause.

Anyway, the fix is rather trivial:

  • sysutils/sudo/Portfile 

    diff --git a/sysutils/sudo/Portfile b/sysutils/sudo/Portfile
    a b pre-destroot { 
    4747}
    4848
    4949post-destroot {
     50    file attributes ${destroot}${prefix}/bin/sudo -permissions +s
    5051    file delete ${destroot}${prefix}/etc/sudoers
    5152    xinstall -d -m 0755 ${destroot}${prefix}/var/run/sudo
    5253}

Change History (5)

comment:1 Changed 7 years ago by Schamschula (Marius Schamschula)

Yes. Under High Sierra Beta I was manually setting the setuid bit, but now that the release version is out, might as well add this to the Portfile.

comment:2 Changed 7 years ago by Schamschula (Marius Schamschula)

Resolution: fixed
Status: newclosed

In 1d45c0e3e3d1f6d692b66a853b545352eb962d24/macports-ports:

sudo 1.8.21p2: fix sticky bit on high sierra

Closes: #54958

comment:3 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

Cc: ryandesign added

Any explanation for why this did not get set by the build system as on previous macOS versions? Is it a bug in sudo or MacPorts or High Sierra or APFS?

comment:4 in reply to:  3 ; Changed 7 years ago by danchr (Dan Villiom Podlaski Christiansen)

Replying to ryandesign:

Any explanation for why this did not get set by the build system as on previous macOS versions? Is it a bug in sudo or MacPorts or High Sierra or APFS?

I believe the bug is somewhere in the MacPorts infrastructure; I ran a manual sudo make install DESTDIR=/tmp and that resulted in a binary the proper mode. Without having investigated further, I'd be inclined to blame trace mode; it just feels like something it could break… Alternatively, overly aggressive privilege escalation might be the cause.

Last edited 7 years ago by danchr (Dan Villiom Podlaski Christiansen) (previous) (diff)

comment:5 in reply to:  4 Changed 7 years ago by danchr (Dan Villiom Podlaski Christiansen)

Replying to danchr:

Replying to ryandesign:

Any explanation for why this did not get set by the build system as on previous macOS versions? Is it a bug in sudo or MacPorts or High Sierra or APFS?

I believe the bug is somewhere in the MacPorts infrastructure…

Confirmed with a simple test case and reported as bug #54963.

Note: See TracTickets for help on using tickets.