From: Todd C. Miller Date: Tue, 26 Oct 2004 22:29:08 +0000 (+0000) Subject: sync X-Git-Tag: SUDO_1_7_0~851 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b1d7ccde4fa9a45a7840aa6175372d34995f1a71;p=sudo sync --- diff --git a/CHANGES b/CHANGES index 1f746adc9..b8100fa06 100644 --- a/CHANGES +++ b/CHANGES @@ -1746,5 +1746,17 @@ Sudo 1.6.8p1 released. 552) Fixed error handling if the lexer runs out of memory. -553) Optimize lexer slightly by removing use of unput() and remove +553) Optimized lexer slightly by removing use of unput() and removing some ambiguity with the Default keyword. + +554) Wildcard matches on commands now use glob() and stat() so + that relative paths work correctly in conjunction with wildcards. + +555) Rewritten parser that converts sudoers into a set of data structures. + This eliminates ordering issues and makes it possible to apply + sudoers Defaults entries before searching for the command. + +556) Visudo will now warn about aliases that are defined but not used. + +557) "sudo -l" now takes an optional username which lets root see other + users' privs. diff --git a/TODO b/TODO index 79f8a8293..3e2ac513a 100644 --- a/TODO +++ b/TODO @@ -78,7 +78,7 @@ TODO list (most will be addressed in sudo 2.0) the actual user check. 28) Add a flag similar to '-l' but that spits out sudo commands in - a format suitable for cut & paste (requires parser overhaul first). + a format suitable for cut & paste into sudoers. 29) Someone wants a recursive version of the dir specifier. Ie: SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run. @@ -119,29 +119,31 @@ TODO list (most will be addressed in sudo 2.0) line and that have a constant record length (sparse files) for easy seeking. -43) Investigate using glob(3) instead of fnmatch(3) for path matching. That - way we can stat each potential match like we normally would. Patterns - ending in '/*' can be replaced with '/basename' as an optimization. - -44) Some way of using a new pty for the program run via sudo would prevent +43) Some way of using a new pty for the program run via sudo would prevent access to the caller's /dev/tty (but probably makes job control tricky). -45) Maybe have a database of checksums that commands are verified against. +44) Maybe have a database of checksums that commands are verified against. Basically replace the st_ino/st_dev check with a checksum lookup. -46) Look into testing writability of a file via sudoedit *before* doing +45) Look into testing writability of a file via sudoedit *before* doing the edit; e.g., try opening with O_APPEND. -47) Add Makefile.in bits to autogenerate Solaris and Irix packages +46) Add Makefile.in bits to autogenerate Solaris and Irix packages -48) Add support for Solaris 10 dtrace ala systrace support +47) Add support for Solaris 10 dtrace ala systrace support or use /proc/$$/ctl w/ PCSENTRY (use PRSABORT flag to indicate failure). -49) Add a session mode where sudo allocates a pty and logs everything +48) Add a session mode where sudo allocates a pty and logs everything that occurs ala script(1). -50) Use pam_open_session() and pam_close_session() (requires a persistent +49) Use pam_open_session() and pam_close_session() (requires a persistent sudo process to call pam_close_session()). Maybe add xauth support for the non-pam case? -51) Should "trace" and TRACE/NOTRACE be disabled for non-systrace? +50) Should "monitor" and MONITOR/NOMONITOR be disabled for non-systrace? + +51) Add substitution mechanism in sudoers to subst, e.g. editors for sudoedit + +52) Move prototypes to extern.h + +53) Get rid of VALIDATE_NOT_OK and just set/clear VALIDATE_OK