Annotation of src/usr.bin/sudo/TODO, Revision 1.8
1.1 millert 1: TODO list (most will be addressed in sudo 2.0)
2:
3: 01) Redo parsing to be more like op(8) with true command aliases where
4: can specify uid, gid(s) and part/all of the environment.
5:
1.3 millert 6: 02) Add a SHELLS reserved word that checks against /etc/shells.
1.1 millert 7:
1.3 millert 8: 03) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo.
1.1 millert 9:
1.3 millert 10: 04) Add a -h (?) flag to sudo for a history mechanism.
1.1 millert 11:
1.3 millert 12: 05) Add an option to set LD_LIBRARY_PATH?
1.1 millert 13:
1.3 millert 14: 06) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
1.1 millert 15:
1.3 millert 16: 07) check for <net/errno.h> in configure and include it in sudo.c if it exists.
1.1 millert 17:
1.3 millert 18: 08) Add generic STREAMS support for getting interfaces and netmasks.
1.1 millert 19:
1.3 millert 20: 09) Add support for "safe scripts" by checking for shell script
1.1 millert 21: cookie (first two bytes are "#!") and execing the shell ourselves
22: after doing the stat to guard against spoofing. This should avoid
23: the race condition caused by going through namei() twice...
24:
1.3 millert 25: 10) Overhaul testsudoers to use things from parse.o so we don't reimplement
1.1 millert 26: things.
27:
1.3 millert 28: 11) Make runas_user a struct "runas" with user and group components.
1.1 millert 29: (maybe uid and gid too???)
30:
1.3 millert 31: 12) Add -g group/gid option.
1.1 millert 32:
1.3 millert 33: 13) Should be able to mix Cmnd_Alias's and command args. Ie:
1.1 millert 34: pete ALL=PASSWD [A-z]*,!PASSWD root
35: where PASSWD was defined to be /usr/bin/passwd.
1.8 ! jmc 36: This requires the arg parsing to happen in the yacc grammar.
1.1 millert 37: At the very least, commands and args have to become separate
38: tokens in the lexer.
39:
1.3 millert 40: 14) Add a per-tty restriction? Ie: only can run foo from /dev/console.
1.1 millert 41:
1.3 millert 42: 15) Add test for how to read ether interfaces in configure script
1.1 millert 43:
1.7 millert 44: 16) An option to make "sudo -s" use the target user's shell might be nice
1.3 millert 45: (and more like su). Overlaps with the upcoming -i option.
1.1 millert 46:
1.7 millert 47: 17) Add configure option to enable old behavior of visudo (O_EXCL)?
1.1 millert 48: --without-sudoers-lock?
49:
1.7 millert 50: 18) Profile sudo again (is the yacc grammar optimal?)
1.1 millert 51:
1.7 millert 52: 19) Zero out encrypted passwords after use. Use an Exit function or
1.1 millert 53: some such (have to hook in to emalloc() and friends).
54: Hard (impossible?) to be thorough w/ atexit/on_exit.
55:
1.7 millert 56: 20) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified
1.1 millert 57: user.
58:
1.7 millert 59: 21) Use strtol() and strtoul(), not atoi()
1.3 millert 60:
1.7 millert 61: 23) Look into %e, %p, %k in parse.lex
1.3 millert 62:
1.7 millert 63: 23) Make syslog stuff work on vanilla ultrix
1.3 millert 64:
1.7 millert 65: 24) Implement date_format and log_format options.
1.3 millert 66:
1.7 millert 67: 25) Add support for: Default:user@host
1.3 millert 68:
1.7 millert 69: 26) Do login-style -sh hack for sudo -s? (new option or do it always?)
1.1 millert 70:
1.7 millert 71: 27) Make visudo rcs-aware
1.1 millert 72:
1.7 millert 73: 28) Add support for parsing multiple sudoers files. Basically make
1.3 millert 74: _PATH_SUDOERS be a colon-separated list of pathnames like EDITOR.
75: Requires _PATH_SUDOERS_TMP changes (perhaps "%s.tmp").
1.1 millert 76:
1.7 millert 77: 29) Add -i (simulate initial login) option as per 946 +sudo
1.3 millert 78: (requires two-pass parser). Also add "default_path" Defaults option
79: to go with it. (See MINUS_I.patch)
1.1 millert 80:
1.7 millert 81: 30) Some people want to be able to specify a special password in sudoers
1.5 millert 82: in addition or instead of the normal one. The best argument for
83: this so far is to be able to use separate passwords for the
84: target users that are not the passwd file ones.
1.1 millert 85:
1.7 millert 86: 31) Add support for trusted users. E.g. allow user to run a certain
1.3 millert 87: command regardless of what dir it is in if it is owned by the
88: trusted user.
1.1 millert 89:
1.7 millert 90: 32) Add mechanism to choose logfile based on RunasUser
1.1 millert 91:
1.7 millert 92: 33) Split the parser into two stages. The first parse checks for
1.3 millert 93: syntax and sets the Defaults options and sets up the
94: data structures to check a user. The second stage does
95: the actual user check.
1.2 millert 96:
1.7 millert 97: 34) Add a flag similar to '-l' but that spits out sudo commands in
1.3 millert 98: a format suitable for cut & paste (requires parser overhaul first).
1.4 millert 99:
1.7 millert 100: 35) Someone wants a recursive version of the dir specifier. Ie:
1.4 millert 101: SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run.
102:
1.7 millert 103: 36) An option to set the shell to the target user would make sense.
1.4 millert 104: See other target user-related issues above.
105:
1.7 millert 106: 37) Add an option (-D) to dump the defaults after the sudoers file
1.4 millert 107: has been parsed. Should only be available to root and should
108: allow a -u user modifier.
109:
1.7 millert 110: 38) For sudo 1.7 wipe out the environment by default.
1.6 millert 111:
1.7 millert 112: 39) Allow /etc/sudoers to be a symlink but require the parent dir to
1.6 millert 113: be root-owned and not writable by anything else. Should really
114: traverse the tree to the root doing this.
115:
1.7 millert 116: 40) Improve interfaces.c STREAMS code (see ntpd's ntp_io.c for hints)
1.6 millert 117:
1.7 millert 118: 41) Wildcard support for user and group names? (netgroup too?)
1.6 millert 119:
1.7 millert 120: 42) If root_sudo is off, still allow sudo -u to non-root users?
1.6 millert 121:
1.7 millert 122: 43) Add configure option to id user based on euid not ruid?
1.6 millert 123:
1.7 millert 124: 44) Split $EDITOR/$VISUAL in visudo into an argument vector based on whitespace
1.6 millert 125:
1.7 millert 126: 45) Use proper links in .pod files