=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/TODO,v retrieving revision 1.2 retrieving revision 1.2.6.1 diff -u -r1.2 -r1.2.6.1 --- src/usr.bin/sudo/Attic/TODO 2000/03/27 03:44:37 1.2 +++ src/usr.bin/sudo/Attic/TODO 2002/01/18 17:20:22 1.2.6.1 @@ -3,84 +3,110 @@ 01) Redo parsing to be more like op(8) with true command aliases where can specify uid, gid(s) and part/all of the environment. -02) Add default options to sudoers file (umask, def uid, def gids, dir, PATH). - Defaults = option1, option2, ... - Defaults@host = option1, option2, ... - Defaults!user = option1, option2, ... - Defaults%group = option1, option2, ... - Defaults+netgroup = option1, option2, ... +02) Add a SHELLS reserved word that checks against /etc/shells. -03) Add a SHELLS reserved word that checks against /etc/shells. +03) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo. -04) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo. +04) Add a -h (?) flag to sudo for a history mechanism. -05) Add a -h (?) flag to sudo for a history mechanism. +05) Add an option to set LD_LIBRARY_PATH? -06) Add an option to hard-code LD_LIBRARY_PATH? +06) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args). -07) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args). +07) check for in configure and include it in sudo.c if it exists. -08) check for in configure and include it in sudo.c if it exists. +08) Add generic STREAMS support for getting interfaces and netmasks. -09) Add generic STREAMS support for getting interfaces and netmasks. - -10) Add support for "safe scripts" by checking for shell script +09) Add support for "safe scripts" by checking for shell script cookie (first two bytes are "#!") and execing the shell outselves after doing the stat to guard against spoofing. This should avoid the race condition caused by going through namei() twice... -11) Overhaul testsudoers to use things from parse.o so we don't reimplement +10) Overhaul testsudoers to use things from parse.o so we don't reimplement things. -12) Make runas_user a struct "runas" with user and group components. +11) Make runas_user a struct "runas" with user and group components. (maybe uid and gid too???) -13) Add -g group/gid option. +12) Add -g group/gid option. -14) Should be able to mix Cmnd_Alias's and command args. Ie: +13) Should be able to mix Cmnd_Alias's and command args. Ie: pete ALL=PASSWD [A-z]*,!PASSWD root where PASSWD was defined to be /usr/bin/passwd. This requires the arg parsing to happen in the yacc grammer. At the very least, commands and args have to become separate tokens in the lexer. -15) Add a per-tty restriction? Ie: only can run foo from /dev/console. +14) Add a per-tty restriction? Ie: only can run foo from /dev/console. -16) Add test for how to read ether interfaces in configure script +15) Add test for how to read ether interfaces in configure script -17) Add configure check for $(CC) -R and use it in addition to -L +16) Add configure check for $(CC) -R and use it in addition to -L -18) An option to make "sudo -s" use the target user's shell might be nice - (and more like su). +17) An option to make "sudo -s" use the target user's shell might be nice + (and more like su). Overlaps with the upcoming -i option. -19) Use getrlimit() in preference to getconf()/getdtablesize(). - -20) Add configure option to enable old behavior of visudo (O_EXCL)? +18) Add configure option to enable old behavior of visudo (O_EXCL)? --without-sudoers-lock? -21) Profile sudo again (is the yacc grammar optimal?) +19) Profile sudo again (is the yacc grammar optimal?) -22) Zero out encrypted passwords after use. Use an Exit function or +20) Zero out encrypted passwords after use. Use an Exit function or some such (have to hook in to emalloc() and friends). Hard (impossible?) to be thorough w/ atexit/on_exit. -23) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified +21) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified user. -24) Use strtol() and strtoul(), not atoi() +22) Use strtol() and strtoul(), not atoi() -25) In parse.yacc get rid on unneeded '{ ; }' +23) In parse.yacc get rid of unneeded '{ ; }' -26) Look into %e, %p, %k in parse.lex +24) Look into %e, %p, %k in parse.lex -27) Document Defaults stuff in sudoers.pod +25) Make syslog stuff work on vanilla ultrix -28) Make syslog stuff work on vanilla ultrix +26) Implement date_format and log_format options. -29) Implement date_format and log_format options. +27) Add support for: Default:user@host -30) Add support for: Default:user@host +28) Do login-style -sh hack for sudo -s? (new option or do it always?) -31) Do login-style -sh hack for sudo -s? +29) Make visudo rcs-aware -32) Make visudo rcs-aware +30) Add support for parsing multiple sudoers files. Basically make + _PATH_SUDOERS be a colon-separated list of pathname like EDITOR. + Requires _PATH_SUDOERS_TMP chages (perhaps "%s.tmp"). + +31) Add -i (simulate initial login) option as per 946 +sudo + (requires two-pass parser). Also add "default_path" Defaults option + to go with it. (See MINUS_I.patch) + +32) Some people want to be able to specify a special password in sudoers + in addition or instead of the normal one. + +33) Add support for trusted users. E.g. allow user to run a certain + command regardless of what dir it is in if it is owned by the + trusted user. + +34) Add mechanism to choose logfile based on RunasUser + +35) Split the parser into two stages. The first parse checks for + syntax and sets the Defaults options and sets up the + data structures to check a user. The second stage does + the actual user check. + +36) Add a flag similar to '-l' but that spits out sudo commands in + a format suitable for cut & paste (requires parser overhaul first). + +37) Someone wants a recursive version of the dir specifier. Ie: + SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run. + +38) An option to set the shell to the target user would make sense. + See other target user-related issues above. + +39) Add an option (-D) to dump the defaults after the sudoers file + has been parsed. Should only be available to root and should + allow a -u user modifier. + +40) For sudo 1.7 wipe out the environment by default.