===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/TODO,v
retrieving revision 1.2
retrieving revision 1.2.6.1
diff -c -r1.2 -r1.2.6.1
*** src/usr.bin/sudo/Attic/TODO	2000/03/27 03:44:37	1.2
--- src/usr.bin/sudo/Attic/TODO	2002/01/18 17:20:22	1.2.6.1
***************
*** 3,86 ****
  01) Redo parsing to be more like op(8) with true command aliases where
      can specify uid, gid(s) and part/all of the environment.
  
! 02) Add default options to sudoers file (umask, def uid, def gids, dir, PATH).
!     Defaults = option1, option2, ...
!     Defaults@host = option1, option2, ...
!     Defaults!user = option1, option2, ...
!     Defaults%group = option1, option2, ...
!     Defaults+netgroup = option1, option2, ...
  
! 03) Add a SHELLS reserved word that checks against /etc/shells.
  
! 04) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo.
  
! 05) Add a -h (?) flag to sudo for a history mechanism.
  
! 06) Add an option to hard-code LD_LIBRARY_PATH?
  
! 07) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
  
! 08) check for <net/errno.h> in configure and include it in sudo.c if it exists.
  
! 09) Add generic STREAMS support for getting interfaces and netmasks.
! 
! 10) Add support for "safe scripts" by checking for shell script
      cookie (first two bytes are "#!") and execing the shell outselves
      after doing the stat to guard against spoofing.  This should avoid
      the race condition caused by going through namei() twice...
  
! 11) Overhaul testsudoers to use things from parse.o so we don't reimplement
      things.
  
! 12) Make runas_user a struct "runas" with user and group components.
      (maybe uid and gid too???)
  
! 13) Add -g group/gid option.
  
! 14) Should be able to mix Cmnd_Alias's and command args.  Ie:
  	pete   ALL=PASSWD [A-z]*,!PASSWD root
      where PASSWD was defined to be /usr/bin/passwd.
      This requires the arg parsing to happen in the yacc grammer.
      At the very least, commands and args have to become separate
      tokens in the lexer.
  
! 15) Add a per-tty restriction?  Ie: only can run foo from /dev/console.
  
! 16) Add test for how to read ether interfaces in configure script
  
! 17) Add configure check for $(CC) -R and use it in addition to -L
  
! 18) An option to make "sudo -s" use the target user's shell might be nice
!     (and more like su).
  
! 19) Use getrlimit() in preference to getconf()/getdtablesize().
! 
! 20) Add configure option to enable old behavior of visudo (O_EXCL)?
      --without-sudoers-lock?
  
! 21) Profile sudo again (is the yacc grammar optimal?)
  
! 22) Zero out encrypted passwords after use.  Use an Exit function or
      some such (have to hook in to emalloc() and friends).
      Hard (impossible?) to be thorough w/ atexit/on_exit.
  
! 23) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified
      user.
  
! 24) Use strtol() and strtoul(), not atoi()
  
! 25) In parse.yacc get rid on unneeded '{ ; }'
  
! 26) Look into %e, %p, %k in parse.lex
  
! 27) Document Defaults stuff in sudoers.pod
  
! 28) Make syslog stuff work on vanilla ultrix
  
! 29) Implement date_format and log_format options.
  
! 30) Add support for: Default:user@host
  
! 31) Do login-style -sh hack for sudo -s?
  
! 32) Make visudo rcs-aware
--- 3,112 ----
  01) Redo parsing to be more like op(8) with true command aliases where
      can specify uid, gid(s) and part/all of the environment.
  
! 02) Add a SHELLS reserved word that checks against /etc/shells.
  
! 03) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo.
  
! 04) Add a -h (?) flag to sudo for a history mechanism.
  
! 05) Add an option to set LD_LIBRARY_PATH?
  
! 06) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
  
! 07) check for <net/errno.h> in configure and include it in sudo.c if it exists.
  
! 08) Add generic STREAMS support for getting interfaces and netmasks.
  
! 09) Add support for "safe scripts" by checking for shell script
      cookie (first two bytes are "#!") and execing the shell outselves
      after doing the stat to guard against spoofing.  This should avoid
      the race condition caused by going through namei() twice...
  
! 10) Overhaul testsudoers to use things from parse.o so we don't reimplement
      things.
  
! 11) Make runas_user a struct "runas" with user and group components.
      (maybe uid and gid too???)
  
! 12) Add -g group/gid option.
  
! 13) Should be able to mix Cmnd_Alias's and command args.  Ie:
  	pete   ALL=PASSWD [A-z]*,!PASSWD root
      where PASSWD was defined to be /usr/bin/passwd.
      This requires the arg parsing to happen in the yacc grammer.
      At the very least, commands and args have to become separate
      tokens in the lexer.
  
! 14) Add a per-tty restriction?  Ie: only can run foo from /dev/console.
  
! 15) Add test for how to read ether interfaces in configure script
  
! 16) Add configure check for $(CC) -R and use it in addition to -L
  
! 17) An option to make "sudo -s" use the target user's shell might be nice
!     (and more like su).  Overlaps with the upcoming -i option.
  
! 18) Add configure option to enable old behavior of visudo (O_EXCL)?
      --without-sudoers-lock?
  
! 19) Profile sudo again (is the yacc grammar optimal?)
  
! 20) Zero out encrypted passwords after use.  Use an Exit function or
      some such (have to hook in to emalloc() and friends).
      Hard (impossible?) to be thorough w/ atexit/on_exit.
  
! 21) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified
      user.
  
! 22) Use strtol() and strtoul(), not atoi()
  
! 23) In parse.yacc get rid of unneeded '{ ; }'
  
! 24) Look into %e, %p, %k in parse.lex
  
! 25) Make syslog stuff work on vanilla ultrix
  
! 26) Implement date_format and log_format options.
  
! 27) Add support for: Default:user@host
  
! 28) Do login-style -sh hack for sudo -s? (new option or do it always?)
  
! 29) Make visudo rcs-aware
  
! 30) Add support for parsing multiple sudoers files.  Basically make
!     _PATH_SUDOERS be a colon-separated list of pathname like EDITOR.
!     Requires _PATH_SUDOERS_TMP chages (perhaps "%s.tmp").
! 
! 31) Add -i (simulate initial login) option as per 946 +sudo
!     (requires two-pass parser).  Also add "default_path" Defaults option
!     to go with it.  (See MINUS_I.patch)
! 
! 32) Some people want to be able to specify a special password in sudoers
!     in addition or instead of the normal one.
! 
! 33) Add support for trusted users.  E.g. allow user to run a certain
!     command regardless of what dir it is in if it is owned by the
!     trusted user.
! 
! 34) Add mechanism to choose logfile based on RunasUser
! 
! 35) Split the parser into two stages.  The first parse checks for
!     syntax and sets the Defaults options and sets up the
!     data structures to check a user.  The second stage does
!     the actual user check.
! 
! 36) Add a flag similar to '-l' but that spits out sudo commands in
!     a format suitable for cut & paste (requires parser overhaul first).
! 
! 37) Someone wants a recursive version of the dir specifier.  Ie:
!     SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run.
! 
! 38) An option to set the shell to the target user would make sense.
!     See other target user-related issues above.
! 
! 39) Add an option (-D) to dump the defaults after the sudoers file
!     has been parsed.  Should only be available to root and should
!     allow a -u user modifier.
! 
! 40) For sudo 1.7 wipe out the environment by default.