Recompiling init

By: Richard Glaser - Revised: 2006-06-06 devin

Introduction

Step-by-step instructions for recompiling init, which may be part of the workaround for 10.2.8.


Downloading the Source

First, download the source, go to Darwin Source site at url:

    http://www.opensource.apple.com/darwinsource/

Click on your preferred Mac OS X variant:


Then download the .tar.gz., for whatever version of system_cmds is listed.


Next, you will be asked for an ADC password and/or have to agree to the Apple Public
Source license.


If you don't already have an Apple ID, please obtain one at signin.apple.com by clicking the "New Account" button.

Once you've downloaded the source, there are four steps to recompile

Untarring

Untarring it can be done from Finder (with Stuffit Expander) or from the terminal. Choose whichever one you prefer.


Or untar using command line:

   tar zxvf system-cmds*gz

Modifying

The file you want to modify is init.tproj/Makefile.preamble under the expanded directory. You'll want to open that with your favorite text editor. Somewhere in that file, you want to insert a line:

   OTHER_CFLAGS = -DSECURE


Or using command line:

   echo "OTHER_CFLAGS = -DSECURE" >>Makefile.preamble

Next, enter the following:

   cd to <package>/init.tproj

Where package is the directory where the expanded system_cmds is located.


Next, run 'make'. You'll may see a few lines that say "warning".


If all went well, you'll find the recompiled init in /tmp/<User ID>/BUILD/init, replacing "User ID" with your userid as necessary.

Next, you will need to replace the compiled init with the vulnerable init:

   sudo /tmp/<User ID>/BUILD/init /sbin/init'