added a comment under Miscellaneous about the crazy macOS default sudo

m4rkw · m4rkw · commit b64ae6758db8 · 2017-10-19T23:29:13.000+01:00
behaviour of not changing the HOME environment variable when you escalate.
diff --git a/README.md b/README.md
@@ -1994,6 +1994,15 @@ Consider [sandboxing](https://developer.apple.com/library/mac/documentation/Darw
 
 Did you know Apple has not shipped a computer with TPM since [2006](http://osxbook.com/book/bonus/chapter10/tpm/)?
 
+MacOS comes with this line in /etc/sudoers:
+
+````
+Defaults env_keep += "HOME MAIL"
+````
+
+Which stops sudo from changing the HOME variable when you elevate privileges. This means it will execute as root the bash dotfiles in the non-root user's home directory when you run "sudo bash". It is adviseable to comment this line out to avoid a potentially easy way for malware or a local attacker to escalate privileges to root.
+
+
 ## Related software
 
 [Santa](https://github.com/google/santa/) - A binary whitelisting/blacklisting system for macOS.
