| version 1.8, 2003/11/08 19:17:29 |
version 1.9, 2004/09/28 15:10:50 |
|
|
| 13) Should be able to mix Cmnd_Alias's and command args. Ie: |
13) Should be able to mix Cmnd_Alias's and command args. Ie: |
| pete ALL=PASSWD [A-z]*,!PASSWD root |
pete ALL=PASSWD [A-z]*,!PASSWD root |
| where PASSWD was defined to be /usr/bin/passwd. |
where PASSWD was defined to be /usr/bin/passwd. |
| This requires the arg parsing to happen in the yacc grammar. |
This requires the arg parsing to happen in the yacc grammer. |
| At the very least, commands and args have to become separate |
At the very least, commands and args have to become separate |
| tokens in the lexer. |
tokens in the lexer. |
| |
|
|
|
| |
|
| 15) Add test for how to read ether interfaces in configure script |
15) Add test for how to read ether interfaces in configure script |
| |
|
| 16) An option to make "sudo -s" use the target user's shell might be nice |
16) Add configure option to enable old behavior of visudo (O_EXCL)? |
| (and more like su). Overlaps with the upcoming -i option. |
|
| |
|
| 17) Add configure option to enable old behavior of visudo (O_EXCL)? |
|
| --without-sudoers-lock? |
--without-sudoers-lock? |
| |
|
| 18) Profile sudo again (is the yacc grammar optimal?) |
17) Profile sudo again (is the yacc grammar optimal?) |
| |
|
| 19) Zero out encrypted passwords after use. Use an Exit function or |
18) Zero out encrypted passwords after use. Use an Exit function or |
| some such (have to hook in to emalloc() and friends). |
some such (have to hook in to emalloc() and friends). |
| Hard (impossible?) to be thorough w/ atexit/on_exit. |
Hard (impossible?) to be thorough w/ atexit/on_exit. |
| |
|
| 20) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified |
19) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified |
| user. |
user. |
| |
|
| 21) Use strtol() and strtoul(), not atoi() |
20) Use strtol() and strtoul(), not atoi() |
| |
|
| 23) Look into %e, %p, %k in parse.lex |
21) Look into %e, %p, %k in parse.lex |
| |
|
| 23) Make syslog stuff work on vanilla ultrix |
22) Make syslog stuff work on vanilla ultrix |
| |
|
| 24) Implement date_format and log_format options. |
23) Implement date_format and log_format options. |
| |
|
| 25) Add support for: Default:user@host |
24) Add support for: Default:user@host |
| |
|
| 26) Do login-style -sh hack for sudo -s? (new option or do it always?) |
25) Make visudo rcs-aware |
| |
|
| 27) Make visudo rcs-aware |
26) Add support for parsing multiple sudoers files. Basically make |
| |
|
| 28) Add support for parsing multiple sudoers files. Basically make |
|
| _PATH_SUDOERS be a colon-separated list of pathname like EDITOR. |
_PATH_SUDOERS be a colon-separated list of pathname like EDITOR. |
| Requires _PATH_SUDOERS_TMP chages (perhaps "%s.tmp"). |
Requires _PATH_SUDOERS_TMP chages (perhaps "%s.tmp"). |
| |
|
| 29) Add -i (simulate initial login) option as per 946 +sudo |
27) Some people want to be able to specify a special password in sudoers |
| (requires two-pass parser). Also add "default_path" Defaults option |
|
| to go with it. (See MINUS_I.patch) |
|
| |
|
| 30) Some people want to be able to specify a special password in sudoers |
|
| in addition or instead of the normal one. The best argument for |
in addition or instead of the normal one. The best argument for |
| this so far is to be able to use separate passwords for the |
this so far is to be able to use separate passwords for the |
| target users that are not the passwd file ones. |
target users that are not the passwd file ones. |
| |
|
| 31) Add support for trusted users. E.g. allow user to run a certain |
28) Add support for trusted users. E.g. allow user to run a certain |
| command regardless of what dir it is in if it is owned by the |
command regardless of what dir it is in if it is owned by the |
| trusted user. |
trusted user. |
| |
|
| 32) Add mechanism to choose logfile based on RunasUser |
28) Split the parser into two stages. The first parse checks for |
| |
|
| 33) Split the parser into two stages. The first parse checks for |
|
| syntax and sets the Defaults options and sets up the |
syntax and sets the Defaults options and sets up the |
| data structures to check a user. The second stage does |
data structures to check a user. The second stage does |
| the actual user check. |
the actual user check. |
| |
|
| 34) Add a flag similar to '-l' but that spits out sudo commands in |
30) Add a flag similar to '-l' but that spits out sudo commands in |
| a format suitable for cut & paste (requires parser overhaul first). |
a format suitable for cut & paste (requires parser overhaul first). |
| |
|
| 35) Someone wants a recursive version of the dir specifier. Ie: |
31) Someone wants a recursive version of the dir specifier. Ie: |
| SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run. |
SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run. |
| |
|
| 36) An option to set the shell to the target user would make sense. |
31) An option to set the shell to the target user would make sense. |
| See other target user-related issues above. |
See other target user-related issues above. |
| |
|
| 37) Add an option (-D) to dump the defaults after the sudoers file |
33) Add an option (-D) to dump the defaults after the sudoers file |
| has been parsed. Should only be available to root and should |
has been parsed. Should only be available to root and should |
| allow a -u user modifier. |
allow a -u user modifier. |
| |
|
| 38) For sudo 1.7 wipe out the environment by default. |
34) For sudo 1.7 wipe out the environment by default. |
| |
|
| 39) Allow /etc/sudoers to be a symlink but require the parent dir to |
35) Allow /etc/sudoers to be a symlink but require the parent dir to |
| be root-owned and not writable by anything else. Should really |
be root-owned and not writable by anything else. Should really |
| traverse the tree to the root doing this. |
traverse the tree to the root doing this. |
| |
|
| 40) Improve interfaces.c STREAMS code (see ntpd's ntp_io.c for hints) |
36) Improve interfaces.c STREAMS code (see ntpd's ntp_io.c for hints) |
| |
|
| 41) Wildcard support for user and group names? (netgroup too?) |
37) Wildcard support for user and group names? (netgroup too?) |
| |
|
| 42) If root_sudo is off, still allow sudo -u to non-root users? |
38) If root_sudo is off, still allow sudo -u to non-root users? |
| |
|
| 43) Add configure option to id user based on euid not ruid? |
39) Add configure option to id user based on euid not ruid? |
| |
|
| 44) Split $EDITOR/$VISUAL in visudo into an argument vector based on whitespace |
40) Split $EDITOR/$VISUAL in visudo into an argument vector based on whitespace |
| |
|
| 45) Use proper links in .pod files |
41) Use proper links in .pod files |
| |
|
| |
42) Parse gids like %#0 |
| |
|
| |
43) Add support for systrace (requires that sudo fork and be persistent) |
| |
|
| |
44) For AIX, call getuserattr() to get resource limits and set them |
| |
as appropriate, see: |
| |
http://nscp.upenn.edu/aix4.3html/libs/basetrf1/getuserattr.htm#A16691a89 |
| |
|
| |
45) Add an insult_path variable that is intialized to "builtin" but that |
| |
can point to other files containing an insult count as the first |
| |
line and that have a constant record length (sparse files) for |
| |
easy seeking. |
| |
|
| |
46) Investigate using glob(3) instead of fnmatch(3) for path matching. That |
| |
way we can stat each potential match like we normally would. Patterns |
| |
ending in '/*' can be replaced with '/basename' as an optimization. |
| |
|
| |
47) Some way of using a new pty for the program run via sudo would prevent |
| |
access to the caller's /dev/tty (but probably makes job control tricky). |
| |
|
| |
48) Maybe have a database of checksums that commands are verified against. |
| |
Basically replace the st_ino/st_dev check with a checksum lookup. |
| |
|
| |
49) Look into testing writability of a file via sudoedit *before* doing |
| |
the edit; e.g., try opening with O_APPEND. |
| |
|
| |
50) Add Makefile.in bits to autogenerate Solaris and HP-UX packages |
![[BACK]](/icons/back.gif){kind=icon}
Return to TODO CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / sudo