Solaris 9/10 sudo packages

Background

In January 2021, a long-term exploit for the sudo software was identified. This has attracted some serious attention in the same was as prior issues in bash and the Solaris pam modules did.

Solaris 9 and 10

Since Solaris 9 and 10 didn't ship with sudo from Sun or Oracle, there is no officially supplied patch for these systems. The closest to a system supplied sudo was the SFW supplmental CD, and that was pretty old even when it was shipping.

Despite the best efforts of Sun to encourage use of the native RBAC implementation on Solaris 10, sudo is so much of an industry standard approach that it has ended up deployed everywhere.

The Problem

These days, these Solaris versions are legacy and generally only holding on running older applications where migration is a bit too much to deal with. Or completely impractical for support and software reasons. This generally means a lot of sites don't have management hosts with build toolchain running any more and building packages isn't the usual daily sysadmin duty that it once was.

The Solution

*shrug*

I've built a broadly compatible package of the latest sudo release as of the 30th of January 2021 and packaged it as a convenience item for busy sysadmins.

The Build

This package was compiled on Solaris 9, 12/03 release with the Studio 8 compiler.

This is the earliest Solaris 9 release that I have suitable running and maintained hardware for, that being a Sun Fire V240. While a true 9-FCS build would have been preferable, my older hardware just isn't in a running state right now.

All compiler CPU optimizations have been disabled which should lead to a package that will run on any hardware supported by Solaris 9/SPARC, from an old SPARCstation to the SPARC you bought yesterday. This binary is perfect for Solaris 10 as well as 9.

It appears sudo 1.9.x has expectations about libz that aren't true in Solaris 9, so this package has a bundled build of that library. This also has optimization disabled, so while it will work it might be the slowest build of libz around.

The Package

The package is a standard Solaris System V package in a tarball. It installs to /opt/sudo and is self-contained there. It expects the sudoers file and sudoers.d directory to be located in /etc for broad compatibility.

This package will not clobber existing configurations by design.

A postinstall script is executed during the installation process. This script looks for the presence of sudoers etc as well as the presence of paths like /usr/bin/sudo. If these are not present, symlinks to the relevant locations in /opt/sudo/ will be created. If this is not desired, please edit the postinstall script before installing.