From: Todd C. Miller Date: Thu, 22 Jul 1999 12:34:53 +0000 (+0000) Subject: Take out things I've done... X-Git-Tag: SUDO_1_6_0~219 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3bce72741d7221e9f8ee8e404943072c9571bcf7;p=sudo Take out things I've done... --- diff --git a/TODO b/TODO index d87fbdbbb..c16505f5d 100644 --- a/TODO +++ b/TODO @@ -19,43 +19,36 @@ TODO list (most will be addressed in the next rewrite) 09) Add generic STREAMS support for getting interfaces and netmasks. -10) Do all the environment variable additions in one fell swoop for - efficiency and speed. - -11) Catch/ignore signals in sudo? - -12) Add support for "safe scripts" by checking for shell script +10) Add support for "safe scripts" by checking for shell script cookie (first two bytes are "#!") and execing the shell outselves after doing the stat to guard against spoofing. This should avoid the race condition caused by going through namei() twice... -13) Sudo should not allow someone with a nil password to run commands. - -14) Overhaul testsudoers to use parse.o so we don't reimplement things. +11) Overhaul testsudoers to use parse.o so we don't reimplement things. -15) Make runas_user a struct "runas" with user and group components. +12) Make runas_user a struct "runas" with user and group components. (make uid and gid too???) -16) Add -g group/gid option. +13) Add -g group/gid option. -17) Should be able to mix Cmnd_Alias's and command args. Ie: +14) Should be able to mix Cmnd_Alias's and command args. Ie: pete ALL=PASSWD [A-z]*,!PASSWD root where PASSWD was defined to be /usr/bin/passwd. This requires the arg parsing to happen in the yacc grammer. -18) Add a per-tty restriction? Ie: only can run foo from /dev/console. +15) Add a per-tty restriction? Ie: only can run foo from /dev/console. -19) Use popen.c instead of rolling own in logging.c - Need to make popen.c portable first... +16) Add test for how to read ether interfaces in configure script -20) Add test for how to read ether interfaces in configure script +17) Add configure check for $(CC) -R and use it in addition to -L -21) Add configure check for $(CC) -R and use it in addition to -L - -22) An option to make "sudo -s" use the target user's shell might be nice +18) An option to make "sudo -s" use the target user's shell might be nice (and more like su). -23) Sudo should have a separate error message for when the user is in sudoers +19) Sudo should have a separate error message for when the user is in sudoers but not allowed to run stuff on that host, and send mail. -24) Break authentication stuff out of check.c into auth.c +20) Use asctime(), not ctime(), if available. + +21) Make -k just touch the time back to the epoch. New -K flag to really + kill things. Make timestamp a dir unless tty tickets in use.