[chuck-users] Question re: installing ChucK on Mac
Hans Aberg
haberg-1 at telia.com
Sat Aug 7 14:31:46 EDT 2010
On 7 Aug 2010, at 14:27, Kassen wrote:
>> Though restrictions can be implemented, that is not so in Mac OS X.
>> In addition, when one does a 'sudo', it is valid for a few minutes,
>> which can be exploited by malware, by trying every minute if the
>> user has enabled root permissions.
>
> It might be preferable to restrict root access to a single bash
> session, or perhaps to require it for every command. System-wide
> root access sounds a bit excessive to me, but I don't know what
> considerations went into that choice.
I checked how it can be turned off, would there be a concern. (On mac
OS X, the default time is 5 minutes.) Also see 'man sudoers'.
First choose your favorite editor, say by
export EDITOR=emacs
Then
sudo visudo
and add a line
Defaults timestamp_timeout = 0
This loophole is probably considered rather theoretical: you would
somehow need to get a malware program and run it. One can cut off the
time using 'sudo -k'.
More information about the chuck-users
mailing list