From: Todd C. Miller Date: Fri, 30 Jan 2004 00:42:58 +0000 (+0000) Subject: sync X-Git-Tag: SUDO_1_6_8~198 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=926d3f5b5eba6dd3419f4d7d23abc563971de732;p=sudo sync --- diff --git a/BUGS b/BUGS index db5f3312c..a95fae0c3 100644 --- a/BUGS +++ b/BUGS @@ -21,5 +21,8 @@ Known bugs in sudo version 1.6.8 the "alias specifications". In the future the parser will converted to a two-pass parser. +6) For the same reason as #5, changing the value of "ignore_dot" has + no effect (find_path() is called before sudoers is parsed). + For a list of things that are not bugs but that I would like to add / fix, please see the TODO file. diff --git a/CHANGES b/CHANGES index 5fd200a50..0f5bce92d 100644 --- a/CHANGES +++ b/CHANGES @@ -1650,3 +1650,23 @@ Sudo 1.6.7p6 released. by sudo from executing another program (think shell escapes). Because this uses LD_PRELOAD it has no effect on static binaries. Idea from Reznic Valery. + +518) TIS fwtk authentication now supports fwtk 2.0 and higher. + +519) Sudo will now try to stat the command to be run as the user + specified by the -u flag if the stat fails as root. Fixes + an NFS issue. + +520) Added Stan Lee / Uncle Ben quote to the lecture (from RedHat). + +521) Added a -i option to simulate an initial login similar to "su -". + Originally based on a patch from David J. MacKenzie. + +522) Added a -e option to edit files the with uid of the invoking user. + This prevents the user from editing other files or running commands + as the target user. If sudo is run as "sudoedit" the -e flag is implied. + +523) If sudo is used to run as root shell, further sudo commands will + be logged as run by the user specified by the SUDO_USER environment + variable. In -e mode (sudoedit), SUDO_USER is used to determine + what user to run the editor when the real uid is 0. diff --git a/TODO b/TODO index a2a5a7c96..1135a7c67 100644 --- a/TODO +++ b/TODO @@ -41,91 +41,92 @@ TODO list (most will be addressed in sudo 2.0) 15) Add test for how to read ether interfaces in configure script -16) An option to make "sudo -s" use the target user's shell might be nice - (and more like su). Overlaps with the upcoming -i option. - -17) Add configure option to enable old behavior of visudo (O_EXCL)? +16) Add configure option to enable old behavior of visudo (O_EXCL)? --without-sudoers-lock? -18) Profile sudo again (is the yacc grammar optimal?) +17) Profile sudo again (is the yacc grammar optimal?) -19) Zero out encrypted passwords after use. Use an Exit function or +18) Zero out encrypted passwords after use. Use an Exit function or some such (have to hook in to emalloc() and friends). Hard (impossible?) to be thorough w/ atexit/on_exit. -20) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified +19) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified user. -21) Use strtol() and strtoul(), not atoi() - -23) Look into %e, %p, %k in parse.lex +20) Use strtol() and strtoul(), not atoi() -23) Make syslog stuff work on vanilla ultrix +21) Look into %e, %p, %k in parse.lex -24) Implement date_format and log_format options. +22) Make syslog stuff work on vanilla ultrix -25) Add support for: Default:user@host +23) Implement date_format and log_format options. -26) Do login-style -sh hack for sudo -s? (new option or do it always?) +24) Add support for: Default:user@host -27) Make visudo rcs-aware +25) Make visudo rcs-aware -28) Add support for parsing multiple sudoers files. Basically make +26) Add support for parsing multiple sudoers files. Basically make _PATH_SUDOERS be a colon-separated list of pathname like EDITOR. Requires _PATH_SUDOERS_TMP chages (perhaps "%s.tmp"). -29) Add -i (simulate initial login) option as per 946 +sudo - (requires two-pass parser). Also add "default_path" Defaults option - to go with it. (See MINUS_I.patch) - -30) Some people want to be able to specify a special password in sudoers +27) Some people want to be able to specify a special password in sudoers in addition or instead of the normal one. The best argument for this so far is to be able to use separate passwords for the target users that are not the passwd file ones. -31) Add support for trusted users. E.g. allow user to run a certain +28) Add support for trusted users. E.g. allow user to run a certain command regardless of what dir it is in if it is owned by the trusted user. -32) Add mechanism to choose logfile based on RunasUser - -33) Split the parser into two stages. The first parse checks for +28) Split the parser into two stages. The first parse checks for syntax and sets the Defaults options and sets up the data structures to check a user. The second stage does the actual user check. -34) Add a flag similar to '-l' but that spits out sudo commands in +30) Add a flag similar to '-l' but that spits out sudo commands in a format suitable for cut & paste (requires parser overhaul first). -35) Someone wants a recursive version of the dir specifier. Ie: +31) Someone wants a recursive version of the dir specifier. Ie: SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run. -36) An option to set the shell to the target user would make sense. +31) An option to set the shell to the target user would make sense. See other target user-related issues above. -37) Add an option (-D) to dump the defaults after the sudoers file +33) Add an option (-D) to dump the defaults after the sudoers file has been parsed. Should only be available to root and should allow a -u user modifier. -38) For sudo 1.7 wipe out the environment by default. +34) For sudo 1.7 wipe out the environment by default. -39) Allow /etc/sudoers to be a symlink but require the parent dir to +35) Allow /etc/sudoers to be a symlink but require the parent dir to be root-owned and not writable by anything else. Should really traverse the tree to the root doing this. -40) Improve interfaces.c STREAMS code (see ntpd's ntp_io.c for hints) +36) Improve interfaces.c STREAMS code (see ntpd's ntp_io.c for hints) + +37) Wildcard support for user and group names? (netgroup too?) + +38) If root_sudo is off, still allow sudo -u to non-root users? + +39) Add configure option to id user based on euid not ruid? + +40) Split $EDITOR/$VISUAL in visudo into an argument vector based on whitespace -41) Wildcard support for user and group names? (netgroup too?) +41) Use proper links in .pod files -42) If root_sudo is off, still allow sudo -u to non-root users? +42) Parse gids like %#0 -43) Add configure option to id user based on euid not ruid? +43) Add support for systrace (requires that sudo fork and be persistent) -44) Split $EDITOR/$VISUAL in visudo into an argument vector based on whitespace +44) For AIX, call getuserattr() to get resource limits and set them + as appropriate, see: + http://nscp.upenn.edu/aix4.3html/libs/basetrf1/getuserattr.htm#A16691a89 -45) Use proper links in .pod files +45) Add an insult_path variable that is intialized to "builtin" but that + can point to other files containing an insult count as the first + line and that have a constant record length (sparse files) for + easy seeking. -46) Parse gids like %#0 +46) Investigate POSIX setreuid() semantics and how sudo violates them. -47) Don't assume usernames are limited to 8 chars, look at ut_name/ut_user - in struct utmp or just trust what getpw* returned. +47) In a runas list, what should (!user) as opposed to (ALL, !user) do?