Annotation of src/usr.bin/sudo/BUGS, Revision 1.10
1.10 ! millert 1: Known bugs in sudo version 1.6.9
1.2 millert 2: ================================
1.1 millert 3:
1.5 millert 4: 1) Sudo should have an option to log when removing "dangerous"
5: environment variables.
1.1 millert 6:
1.5 millert 7: 2) On DUNIX in sia mode, hitting return at the prompt does not quit.
1.1 millert 8:
1.5 millert 9: 3) In parse.lex, '@' should not need to be a special character.
10: However, because lex does greedy matching, {WORD} will match
11: instead of the "^Defaults[:@]?" line.
1.1 millert 12:
1.5 millert 13: 4) In list mode (sudo -l), characters escaped with a backslash
14: are shown verbatim with the backslash.
1.1 millert 15:
1.5 millert 16: 5) Because the parser only does a single pass it is possible to
17: make a sudoers file where the "defaults" options are set after
18: a user's entry has been validated, changing the permissions for
19: the user. The work-around is to put all 'defaults' entries
20: before the "User privilege specification" section but after all
21: the "alias specifications". In the future the parser will
22: converted to a two-pass parser.
1.9 millert 23:
24: 6) For the same reason as #5, changing the value of "ignore_dot" has
25: no effect (find_path() is called before sudoers is parsed).
1.5 millert 26:
27: For a list of things that are not bugs but that I would like to
28: add / fix, please see the TODO file.