06) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
-07) check for <net/errno.h> in configure and include it in sudo.c if it exists.
+07) Add generic STREAMS support for getting interfaces and netmasks.
-08) Add generic STREAMS support for getting interfaces and netmasks.
-
-09) Add support for "safe scripts" by checking for shell script
+08) Add support for "safe scripts" by checking for shell script
cookie (first two bytes are "#!") and execing the shell outselves
after doing the stat to guard against spoofing. This should avoid
the race condition caused by going through namei() twice...
-10) Overhaul testsudoers to use things from parse.o so we don't reimplement
+09) Overhaul testsudoers to use things from parse.o so we don't reimplement
things.
-11) Make runas_user a struct "runas" with user and group components.
+10) Make runas_user a struct "runas" with user and group components.
(maybe uid and gid too???)
-12) Add -g group/gid option.
+11) Add -g group/gid option.
-13) Should be able to mix Cmnd_Alias's and command args. Ie:
+12) Should be able to mix Cmnd_Alias's and command args. Ie:
pete ALL=PASSWD [A-z]*,!PASSWD root
where PASSWD was defined to be /usr/bin/passwd.
This requires the arg parsing to happen in the yacc grammer.
At the very least, commands and args have to become separate
tokens in the lexer.
-14) Add a per-tty restriction? Ie: only can run foo from /dev/console.
+13) Add a per-tty restriction? Ie: only can run foo from /dev/console.
-15) Add test for how to read ether interfaces in configure script
+14) Add test for how to read ether interfaces in configure script
-16) Add configure option to enable old behavior of visudo (O_EXCL)?
+15) Add configure option to enable old behavior of visudo (O_EXCL)?
--without-sudoers-lock?
-17) Profile sudo again (is the yacc grammar optimal?)
+16) Profile sudo again (is the yacc grammar optimal?)
-18) Zero out encrypted passwords after use. Use an Exit function or
+17) Zero out encrypted passwords after use. Use an Exit function or
some such (have to hook in to emalloc() and friends).
Hard (impossible?) to be thorough w/ atexit/on_exit.
-19) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified
+18) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified
user.
-20) Use strtol() and strtoul(), not atoi()
-
-21) Look into %e, %p, %k in parse.lex
+19) Use strtol() and strtoul(), not atoi()
-22) Make syslog stuff work on vanilla ultrix
+20) Look into %e, %p, %k in parse.lex
-23) Implement date_format and log_format options.
+21) Make syslog stuff work on vanilla ultrix
-24) Add support for: Default:user@host
+22) Implement date_format and log_format options.
-25) Make visudo rcs-aware
+23) Add support for: Default:user@host
-26) Add support for parsing multiple sudoers files. Basically make
- _PATH_SUDOERS be a colon-separated list of pathname like EDITOR.
- Requires _PATH_SUDOERS_TMP chages (perhaps "%s.tmp").
+24) Make visudo rcs-aware
-27) Some people want to be able to specify a special password in sudoers
+25) Some people want to be able to specify a special password in sudoers
in addition or instead of the normal one. The best argument for
this so far is to be able to use separate passwords for the
target users that are not the passwd file ones.
-28) Add support for trusted users. E.g. allow user to run a certain
+26) Add support for trusted users. E.g. allow user to run a certain
command regardless of what dir it is in if it is owned by the
trusted user.
-28) Split the parser into two stages. The first parse checks for
+27) Split the parser into two stages. The first parse checks for
syntax and sets the Defaults options and sets up the
data structures to check a user. The second stage does
the actual user check.
-30) Add a flag similar to '-l' but that spits out sudo commands in
+28) Add a flag similar to '-l' but that spits out sudo commands in
a format suitable for cut & paste (requires parser overhaul first).
-31) Someone wants a recursive version of the dir specifier. Ie:
+29) Someone wants a recursive version of the dir specifier. Ie:
SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run.
-31) An option to set the shell to the target user would make sense.
+29) An option to set the shell to the target user would make sense.
See other target user-related issues above.
-33) Add an option (-D) to dump the defaults after the sudoers file
+31) Add an option (-D) to dump the defaults after the sudoers file
has been parsed. Should only be available to root and should
allow a -u user modifier.
-34) For sudo 1.7 wipe out the environment by default.
+32) For sudo 1.7 wipe out the environment by default.
-35) Allow /etc/sudoers to be a symlink but require the parent dir to
+33) Allow /etc/sudoers to be a symlink but require the parent dir to
be root-owned and not writable by anything else. Should really
traverse the tree to the root doing this.
-36) Improve interfaces.c STREAMS code (see ntpd's ntp_io.c for hints)
+34) Improve interfaces.c STREAMS code (see ntpd's ntp_io.c for hints)
-37) Wildcard support for user and group names? (netgroup too?)
+35) Wildcard support for user and group names? (netgroup too?)
-38) If root_sudo is off, still allow sudo -u to non-root users?
+36) If root_sudo is off, still allow sudo -u to non-root users?
-39) Add configure option to id user based on euid not ruid?
+37) Add configure option to id user based on euid not ruid?
-40) Split $EDITOR/$VISUAL in visudo into an argument vector based on whitespace
+38) Split $EDITOR/$VISUAL in visudo into an argument vector based on whitespace
-41) Use proper links in .pod files
+39) Use proper links in .pod files
-42) Parse gids like %#0
+40) Parse gids like %#0
-43) Add support for systrace (requires that sudo fork and be persistent)
-
-44) For AIX, call getuserattr() to get resource limits and set them
+41) For AIX, call getuserattr() to get resource limits and set them
as appropriate, see:
http://nscp.upenn.edu/aix4.3html/libs/basetrf1/getuserattr.htm#A16691a89
-45) Add an insult_path variable that is intialized to "builtin" but that
+42) Add an insult_path variable that is intialized to "builtin" but that
can point to other files containing an insult count as the first
line and that have a constant record length (sparse files) for
easy seeking.
-46) Investigate using glob(3) instead of fnmatch(3) for path matching. That
+43) Investigate using glob(3) instead of fnmatch(3) for path matching. That
way we can stat each potential match like we normally would. Patterns
ending in '/*' can be replaced with '/basename' as an optimization.
-47) Some way of using a new pty for the program run via sudo would prevent
+44) Some way of using a new pty for the program run via sudo would prevent
access to the caller's /dev/tty (but probably makes job control tricky).
-48) Maybe have a database of checksums that commands are verified against.
+45) Maybe have a database of checksums that commands are verified against.
Basically replace the st_ino/st_dev check with a checksum lookup.
-49) Look into testing writability of a file via sudoedit *before* doing
+46) Look into testing writability of a file via sudoedit *before* doing
the edit; e.g., try opening with O_APPEND.
+
+47) Add Makefile.in bits to autogenerate Solaris and Irix packages
+
+48) Add support for Solaris 10 dtrace ala systrace support
+ or use /proc/$$/ctl w/ PCSENTRY (use PRSABORT flag to indicate failure).
+
+49) Add a session mode where sudo allocates a pty and logs everything
+ that occurs ala script(1).
+
+50) Use pam_open_session() and pam_close_session() (requires a persistent
+ sudo process to call pam_close_session()). Maybe add xauth support for
+ the non-pam case?
+
+51) Should "trace" and TRACE/NOTRACE be disabled for non-systrace?
projects / sudo / commitdiff