I am concerned about the DYLD_PRINT_TO_FILE exploit in the sudoers file.
https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-in-the-wild/
If I have my sudoers file open, what are the markers I should be looking for as a sign of infection? My sudoers file is actually quite small and, to my (mostly untrained) eye, I don't see anything that would be a concern. But what are some examples of lines/variables that would indicate a problem?
Here's the bottom half of my file; nothing there jumps out at me. Thoughts?
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
Best Answer
This is the infecting command:
This means that you'll have a line like:
at the end of your sudoers file.
NOTE: USERNAME is your username in the system. It won't have a hash tag # in front.
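As an added example (not part of the original question or answer), here is a small Python check for the two indicators discussed above: an uncommented NOPASSWD rule, and a per-user rule for anyone other than root appended to the file. The sample sudoers text and the username jdoe are constructed for the demonstration.

```python
import re
import sys

# Constructed sample: the sudoers fragment from the question, plus a trailing
# per-user NOPASSWD line of the kind described in the answer (jdoe is a placeholder).
SAMPLE_SUDOERS = """\
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
jdoe ALL=(ALL) NOPASSWD:ALL
"""

# who  hosts = (runas) commands   -- the basic sudoers user-specification shape
RULE_RE = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$")

# Keywords that start alias/option lines rather than user specifications
NON_RULE_PREFIXES = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")

def suspicious_sudoers_lines(text, expected_users=("root",)):
    """Return [(lineno, line, reasons)] for rules a reviewer should look at."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Comments (including #include/#includedir) and blanks grant nothing
        if not line or line.startswith("#"):
            continue
        if line.startswith(NON_RULE_PREFIXES):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        who = m.group("who")
        reasons = []
        if "NOPASSWD" in m.group("cmds").upper():
            reasons.append("NOPASSWD")
        # %group, +netgroup and @ (LDAP) entries are group rules; a bare name is a per-user rule
        if not who.startswith(("%", "+", "@")) and who not in expected_users:
            reasons.append("per-user rule")
        if reasons:
            findings.append((lineno, line, reasons))
    return findings

if __name__ == "__main__":
    # Read a real file from stdin (e.g. `sudo cat /etc/sudoers | python3 check.py`), else use the sample
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SUDOERS
    for lineno, line, reasons in suspicious_sudoers_lines(data):
        print(f"line {lineno}: {line}  <- {', '.join(reasons)}")
```

Commented-out NOPASSWD samples like the `%wheel` line in the question are skipped, so a clean file of the kind shown produces no output.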