Annotation of src/usr.bin/sudo/TODO, Revision 1.2
1.1 millert 1: TODO list (most will be addressed in sudo 2.0)
2:
3: 01) Redo parsing to be more like op(8) with true command aliases where
4: can specify uid, gid(s) and part/all of the environment.
5:
6: 02) Add default options to sudoers file (umask, def uid, def gids, dir, PATH).
7: Defaults = option1, option2, ...
8: Defaults@host = option1, option2, ...
9: Defaults!user = option1, option2, ...
10: Defaults%group = option1, option2, ...
11: Defaults+netgroup = option1, option2, ...
12:
13: 03) Add a SHELLS reserved word that checks against /etc/shells.
14:
15: 04) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo.
16:
17: 05) Add a -h (?) flag to sudo for a history mechanism.
18:
19: 06) Add an option to hard-code LD_LIBRARY_PATH?
20:
21: 07) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
22:
23: 08) check for <net/errno.h> in configure and include it in sudo.c if it exists.
24:
25: 09) Add generic STREAMS support for getting interfaces and netmasks.
26:
27: 10) Add support for "safe scripts" by checking for shell script
28: cookie (first two bytes are "#!") and execing the shell outselves
29: after doing the stat to guard against spoofing. This should avoid
30: the race condition caused by going through namei() twice...
31:
32: 11) Overhaul testsudoers to use things from parse.o so we don't reimplement
33: things.
34:
35: 12) Make runas_user a struct "runas" with user and group components.
36: (maybe uid and gid too???)
37:
38: 13) Add -g group/gid option.
39:
40: 14) Should be able to mix Cmnd_Alias's and command args. Ie:
41: pete ALL=PASSWD [A-z]*,!PASSWD root
42: where PASSWD was defined to be /usr/bin/passwd.
43: This requires the arg parsing to happen in the yacc grammer.
44: At the very least, commands and args have to become separate
45: tokens in the lexer.
46:
47: 15) Add a per-tty restriction? Ie: only can run foo from /dev/console.
48:
49: 16) Add test for how to read ether interfaces in configure script
50:
51: 17) Add configure check for $(CC) -R and use it in addition to -L
52:
53: 18) An option to make "sudo -s" use the target user's shell might be nice
54: (and more like su).
55:
56: 19) Use getrlimit() in preference to getconf()/getdtablesize().
57:
58: 20) Add configure option to enable old behavior of visudo (O_EXCL)?
59: --without-sudoers-lock?
60:
61: 21) Profile sudo again (is the yacc grammar optimal?)
62:
63: 22) Zero out encrypted passwords after use. Use an Exit function or
64: some such (have to hook in to emalloc() and friends).
65: Hard (impossible?) to be thorough w/ atexit/on_exit.
66:
67: 23) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified
68: user.
69:
70: 24) Use strtol() and strtoul(), not atoi()
71:
72: 25) In parse.yacc get rid on unneeded '{ ; }'
73:
74: 26) Look into %e, %p, %k in parse.lex
75:
76: 27) Document Defaults stuff in sudoers.pod
77:
78: 28) Make syslog stuff work on vanilla ultrix
79:
80: 29) Implement date_format and log_format options.
81:
82: 30) Add support for: Default:user@host
83:
1.2 ! millert 84: 31) Do login-style -sh hack for sudo -s?
! 85:
! 86: 32) Make visudo rcs-aware