From feeaac1f01410e8292af6bf9bfa6fdc0c9520a60 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 25 Aug 1996 17:27:01 +0000 Subject: [PATCH] updated for 1.5 --- TODO | 60 +++++++++++++++++++++++------------------------------------- 1 file changed, 23 insertions(+), 37 deletions(-) diff --git a/TODO b/TODO index a5705eec4..4554bda2d 100644 --- a/TODO +++ b/TODO @@ -1,65 +1,51 @@ -TODO list +TODO list (most will be addressed in the next rewrite) -01) Add uid and gid options to sudo and sudoers file. - -02) Redo parsing to be more like op(8) with true command aliases where +01) Redo parsing to be more like op(8) with true command aliases where can specify uid, gid(s) and part/all of the environment. -03) Add default options to sudoers file (umask, def uid, def gids, dir, PATH). - -04) Add a SHELLS reserved word that checks against /etc/shells. +02) Add default options to sudoers file (umask, def uid, def gids, dir, PATH). -05) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo. +03) Add a SHELLS reserved word that checks against /etc/shells. -06) Add a %h field to MAILSUBJECT for the hostname. +04) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo. -07) Add a -h (?) flag to sudo for a history mechanism. +05) Add a %h field to MAILSUBJECT for the hostname. -08) Make parse.lex in the same coding style as everything else... +06) Add a -h (?) flag to sudo for a history mechanism. -09) Make -l expand Command Aliases. +07) Make parse.lex in the same coding style as everything else... -10) Add an option to hard-code LD_LIBRARY_PATH? +08) Add an option to hard-code LD_LIBRARY_PATH? -11) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args). +09) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args). -12) Make '!' work in Cmnd_Alias, Host_Alias and User_Alias. +10) Make '!' work in Cmnd_Alias, Host_Alias, User_Alias and runas list. -13) check for in configure and include it in sudo.c if it exists. +11) check for in configure and include it in sudo.c if it exists. -14) Add generic STREAMS support for getting interfaces and netmasks. +12) Add generic STREAMS support for getting interfaces and netmasks. -15) Do shadow password detection at runtime like sunos' issecure(3)??? +13) Do shadow password detection at runtime like sunos' issecure(3)??? If so then start using GLOBAL_NO_SPW_ENT again (but rename it). -16) Do all the envariable additions in one fell swoop for efficiency and speed. - -17) Catch/ignore signals in sudo? +14) Do all the envariable additions in one fell swoop for efficiency and speed. -18) Make -p work with -v and -l in any order. +15) Catch/ignore signals in sudo? -19) See if having 2 versions of path_matches() (w/ and w/o args) is a win. +16) Make -p work with -v and -l in any order. -20) Remove "register" from vars since gcc can probably do a better job at - optimizing than I can... - -21) Add support for "safe scripts" by checking for shell script +17) Add support for "safe scripts" by checking for shell script cookie (first two bytes are "#!") and execing the shell outselves after doing the stat to guard against spoofing. This should avoid the race condition caused by going through namei() twice... -22) Sudo should not allow someone with a nil password to run commands. +18) Sudo should not allow someone with a nil password to run commands. -23) Overhaul testsudoers to use parse.o so we don't reimplement things. +19) Overhaul testsudoers to use parse.o so we don't reimplement things. -24) Make runas_user a struct "runas" with user and group components. +20) Make runas_user a struct "runas" with user and group components. (make uid and gid too???) -25) Make "sudo -l" output go into a dynamically-sized array that gets - printed if passwd is ok or none is required. - -26) Update docs wrt NOPASSWD, "runas" and wildcards in pathnames. - -27) Would be nice to use '!' in the runas list. +21) Add -g group/gid option. -28) Add -g group/gid option. +22) Make `sudo -l' output prettier. -- 2.40.0