version 1.2, 2000/03/27 03:44:37 |
version 1.2.8.1, 2002/01/18 16:14:44 |
|
|
01) Redo parsing to be more like op(8) with true command aliases where |
01) Redo parsing to be more like op(8) with true command aliases where |
can specify uid, gid(s) and part/all of the environment. |
can specify uid, gid(s) and part/all of the environment. |
|
|
02) Add default options to sudoers file (umask, def uid, def gids, dir, PATH). |
02) Add a SHELLS reserved word that checks against /etc/shells. |
Defaults = option1, option2, ... |
|
Defaults@host = option1, option2, ... |
|
Defaults!user = option1, option2, ... |
|
Defaults%group = option1, option2, ... |
|
Defaults+netgroup = option1, option2, ... |
|
|
|
03) Add a SHELLS reserved word that checks against /etc/shells. |
03) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo. |
|
|
04) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo. |
04) Add a -h (?) flag to sudo for a history mechanism. |
|
|
05) Add a -h (?) flag to sudo for a history mechanism. |
05) Add an option to set LD_LIBRARY_PATH? |
|
|
06) Add an option to hard-code LD_LIBRARY_PATH? |
06) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args). |
|
|
07) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args). |
07) check for <net/errno.h> in configure and include it in sudo.c if it exists. |
|
|
08) check for <net/errno.h> in configure and include it in sudo.c if it exists. |
08) Add generic STREAMS support for getting interfaces and netmasks. |
|
|
09) Add generic STREAMS support for getting interfaces and netmasks. |
09) Add support for "safe scripts" by checking for shell script |
|
|
10) Add support for "safe scripts" by checking for shell script |
|
cookie (first two bytes are "#!") and execing the shell outselves |
cookie (first two bytes are "#!") and execing the shell outselves |
after doing the stat to guard against spoofing. This should avoid |
after doing the stat to guard against spoofing. This should avoid |
the race condition caused by going through namei() twice... |
the race condition caused by going through namei() twice... |
|
|
11) Overhaul testsudoers to use things from parse.o so we don't reimplement |
10) Overhaul testsudoers to use things from parse.o so we don't reimplement |
things. |
things. |
|
|
12) Make runas_user a struct "runas" with user and group components. |
11) Make runas_user a struct "runas" with user and group components. |
(maybe uid and gid too???) |
(maybe uid and gid too???) |
|
|
13) Add -g group/gid option. |
12) Add -g group/gid option. |
|
|
14) Should be able to mix Cmnd_Alias's and command args. Ie: |
13) Should be able to mix Cmnd_Alias's and command args. Ie: |
pete ALL=PASSWD [A-z]*,!PASSWD root |
pete ALL=PASSWD [A-z]*,!PASSWD root |
where PASSWD was defined to be /usr/bin/passwd. |
where PASSWD was defined to be /usr/bin/passwd. |
This requires the arg parsing to happen in the yacc grammer. |
This requires the arg parsing to happen in the yacc grammer. |
At the very least, commands and args have to become separate |
At the very least, commands and args have to become separate |
tokens in the lexer. |
tokens in the lexer. |
|
|
15) Add a per-tty restriction? Ie: only can run foo from /dev/console. |
14) Add a per-tty restriction? Ie: only can run foo from /dev/console. |
|
|
16) Add test for how to read ether interfaces in configure script |
15) Add test for how to read ether interfaces in configure script |
|
|
17) Add configure check for $(CC) -R and use it in addition to -L |
16) Add configure check for $(CC) -R and use it in addition to -L |
|
|
18) An option to make "sudo -s" use the target user's shell might be nice |
17) An option to make "sudo -s" use the target user's shell might be nice |
(and more like su). |
(and more like su). Overlaps with the upcoming -i option. |
|
|
19) Use getrlimit() in preference to getconf()/getdtablesize(). |
18) Add configure option to enable old behavior of visudo (O_EXCL)? |
|
|
20) Add configure option to enable old behavior of visudo (O_EXCL)? |
|
--without-sudoers-lock? |
--without-sudoers-lock? |
|
|
21) Profile sudo again (is the yacc grammar optimal?) |
19) Profile sudo again (is the yacc grammar optimal?) |
|
|
22) Zero out encrypted passwords after use. Use an Exit function or |
20) Zero out encrypted passwords after use. Use an Exit function or |
some such (have to hook in to emalloc() and friends). |
some such (have to hook in to emalloc() and friends). |
Hard (impossible?) to be thorough w/ atexit/on_exit. |
Hard (impossible?) to be thorough w/ atexit/on_exit. |
|
|
23) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified |
21) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified |
user. |
user. |
|
|
24) Use strtol() and strtoul(), not atoi() |
22) Use strtol() and strtoul(), not atoi() |
|
|
25) In parse.yacc get rid on unneeded '{ ; }' |
23) In parse.yacc get rid of unneeded '{ ; }' |
|
|
26) Look into %e, %p, %k in parse.lex |
24) Look into %e, %p, %k in parse.lex |
|
|
27) Document Defaults stuff in sudoers.pod |
25) Make syslog stuff work on vanilla ultrix |
|
|
28) Make syslog stuff work on vanilla ultrix |
26) Implement date_format and log_format options. |
|
|
29) Implement date_format and log_format options. |
27) Add support for: Default:user@host |
|
|
30) Add support for: Default:user@host |
28) Do login-style -sh hack for sudo -s? (new option or do it always?) |
|
|
31) Do login-style -sh hack for sudo -s? |
29) Make visudo rcs-aware |
|
|
32) Make visudo rcs-aware |
30) Add support for parsing multiple sudoers files. Basically make |
|
_PATH_SUDOERS be a colon-separated list of pathname like EDITOR. |
|
Requires _PATH_SUDOERS_TMP chages (perhaps "%s.tmp"). |
|
|
|
31) Add -i (simulate initial login) option as per 946 +sudo |
|
(requires two-pass parser). Also add "default_path" Defaults option |
|
to go with it. (See MINUS_I.patch) |
|
|
|
32) Some people want to be able to specify a special password in sudoers |
|
in addition or instead of the normal one. |
|
|
|
33) Add support for trusted users. E.g. allow user to run a certain |
|
command regardless of what dir it is in if it is owned by the |
|
trusted user. |
|
|
|
34) Add mechanism to choose logfile based on RunasUser |
|
|
|
35) Split the parser into two stages. The first parse checks for |
|
syntax and sets the Defaults options and sets up the |
|
data structures to check a user. The second stage does |
|
the actual user check. |
|
|
|
36) Add a flag similar to '-l' but that spits out sudo commands in |
|
a format suitable for cut & paste (requires parser overhaul first). |
|
|
|
37) Someone wants a recursive version of the dir specifier. Ie: |
|
SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run. |
|
|
|
38) An option to set the shell to the target user would make sense. |
|
See other target user-related issues above. |
|
|
|
39) Add an option (-D) to dump the defaults after the sudoers file |
|
has been parsed. Should only be available to root and should |
|
allow a -u user modifier. |
|
|
|
40) For sudo 1.7 wipe out the environment by default. |