Annotation of src/usr.bin/sudo/TODO, Revision 1.4
1.1 millert 1: TODO list (most will be addressed in sudo 2.0)
2:
3: 01) Redo parsing to be more like op(8) with true command aliases where
4: can specify uid, gid(s) and part/all of the environment.
5:
1.3 millert 6: 02) Add a SHELLS reserved word that checks against /etc/shells.
1.1 millert 7:
1.3 millert 8: 03) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo.
1.1 millert 9:
1.3 millert 10: 04) Add a -h (?) flag to sudo for a history mechanism.
1.1 millert 11:
1.3 millert 12: 05) Add an option to set LD_LIBRARY_PATH?
1.1 millert 13:
1.3 millert 14: 06) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
1.1 millert 15:
1.3 millert 16: 07) check for <net/errno.h> in configure and include it in sudo.c if it exists.
1.1 millert 17:
1.3 millert 18: 08) Add generic STREAMS support for getting interfaces and netmasks.
1.1 millert 19:
1.3 millert 20: 09) Add support for "safe scripts" by checking for shell script
1.1 millert 21: cookie (first two bytes are "#!") and execing the shell outselves
22: after doing the stat to guard against spoofing. This should avoid
23: the race condition caused by going through namei() twice...
24:
1.3 millert 25: 10) Overhaul testsudoers to use things from parse.o so we don't reimplement
1.1 millert 26: things.
27:
1.3 millert 28: 11) Make runas_user a struct "runas" with user and group components.
1.1 millert 29: (maybe uid and gid too???)
30:
1.3 millert 31: 12) Add -g group/gid option.
1.1 millert 32:
1.3 millert 33: 13) Should be able to mix Cmnd_Alias's and command args. Ie:
1.1 millert 34: pete ALL=PASSWD [A-z]*,!PASSWD root
35: where PASSWD was defined to be /usr/bin/passwd.
36: This requires the arg parsing to happen in the yacc grammer.
37: At the very least, commands and args have to become separate
38: tokens in the lexer.
39:
1.3 millert 40: 14) Add a per-tty restriction? Ie: only can run foo from /dev/console.
1.1 millert 41:
1.3 millert 42: 15) Add test for how to read ether interfaces in configure script
1.1 millert 43:
1.3 millert 44: 16) Add configure check for $(CC) -R and use it in addition to -L
1.1 millert 45:
1.3 millert 46: 17) An option to make "sudo -s" use the target user's shell might be nice
47: (and more like su). Overlaps with the upcoming -i option.
1.1 millert 48:
1.3 millert 49: 18) Add configure option to enable old behavior of visudo (O_EXCL)?
1.1 millert 50: --without-sudoers-lock?
51:
1.3 millert 52: 19) Profile sudo again (is the yacc grammar optimal?)
1.1 millert 53:
1.3 millert 54: 20) Zero out encrypted passwords after use. Use an Exit function or
1.1 millert 55: some such (have to hook in to emalloc() and friends).
56: Hard (impossible?) to be thorough w/ atexit/on_exit.
57:
1.3 millert 58: 21) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified
1.1 millert 59: user.
60:
1.3 millert 61: 22) Use strtol() and strtoul(), not atoi()
62:
63: 23) In parse.yacc get rid of unneeded '{ ; }'
64:
65: 24) Look into %e, %p, %k in parse.lex
66:
67: 25) Make syslog stuff work on vanilla ultrix
68:
69: 26) Implement date_format and log_format options.
70:
71: 27) Add support for: Default:user@host
72:
73: 28) Do login-style -sh hack for sudo -s? (new option or do it always?)
1.1 millert 74:
1.3 millert 75: 29) Make visudo rcs-aware
1.1 millert 76:
1.3 millert 77: 30) Add support for parsing multiple sudoers files. Basically make
78: _PATH_SUDOERS be a colon-separated list of pathname like EDITOR.
79: Requires _PATH_SUDOERS_TMP chages (perhaps "%s.tmp").
1.1 millert 80:
1.3 millert 81: 31) Add -i (simulate initial login) option as per 946 +sudo
82: (requires two-pass parser). Also add "default_path" Defaults option
83: to go with it. (See MINUS_I.patch)
1.1 millert 84:
1.3 millert 85: 32) Some people want to be able to specify a special password in sudoers
86: in addition or instead of the normal one.
1.1 millert 87:
1.3 millert 88: 33) Add support for trusted users. E.g. allow user to run a certain
89: command regardless of what dir it is in if it is owned by the
90: trusted user.
1.1 millert 91:
1.3 millert 92: 34) Add mechanism to choose logfile based on RunasUser
1.1 millert 93:
1.3 millert 94: 35) Split the parser into two stages. The first parse checks for
95: syntax and sets the Defaults options and sets up the
96: data structures to check a user. The second stage does
97: the actual user check.
1.2 millert 98:
1.3 millert 99: 36) Add a flag similar to '-l' but that spits out sudo commands in
100: a format suitable for cut & paste (requires parser overhaul first).
1.4 ! millert 101:
! 102: 37) Someone wants a recursive version of the dir specifier. Ie:
! 103: SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run.
! 104:
! 105: 38) An option to set the shell to the target user would make sense.
! 106: See other target user-related issues above.
! 107:
! 108: 39) Add an option (-D) to dump the defaults after the sudoers file
! 109: has been parsed. Should only be available to root and should
! 110: allow a -u user modifier.
! 111:
! 112: 40) For sudo 1.7 wipe out the environment by default.
![[BACK]](/icons/back.gif){kind=icon}
Return to TODO CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / sudo