|
|
|
|
|
|
by brohee
1967 days ago
|
|
|
Not the thing saving you, as it is sudo invoked as sudoedit that permits entering the bad codepath... A simple symbolic link and you now have sudoedit. And... macOS looks vulnerable to me % cd ~ && ln -s /usr/bin/sudo sudoedit && ./sudoedit -s /
Password:
sudoedit: /: not a regular file
As per the advisory it looks vulnerable (sudoedit: and not usage:) |
|
|