more things todo!
This commit is contained in:
Todd C. Miller
31
TODO
31
TODO
@@ -1,9 +1,14 @@
|
||||
TODO list (most will be addressed in the next rewrite)
|
||||
TODO list (most will be addressed in sudo 2.0)
|
||||
|
||||
01) Redo parsing to be more like op(8) with true command aliases where
|
||||
can specify uid, gid(s) and part/all of the environment.
|
||||
|
||||
02) Add default options to sudoers file (umask, def uid, def gids, dir, PATH).
|
||||
Defaults = option1, option2, ...
|
||||
Defaults@host = option1, option2, ...
|
||||
Defaults!user = option1, option2, ...
|
||||
Defaults%group = option1, option2, ...
|
||||
Defaults+netgroup = option1, option2, ...
|
||||
|
||||
03) Add a SHELLS reserved word that checks against /etc/shells.
|
||||
|
||||
@@ -24,10 +29,11 @@ TODO list (most will be addressed in the next rewrite)
|
||||
after doing the stat to guard against spoofing. This should avoid
|
||||
the race condition caused by going through namei() twice...
|
||||
|
||||
11) Overhaul testsudoers to use parse.o so we don't reimplement things.
|
||||
11) Overhaul testsudoers to use things from parse.o so we don't reimplement
|
||||
things.
|
||||
|
||||
12) Make runas_user a struct "runas" with user and group components.
|
||||
(make uid and gid too???)
|
||||
(maybe uid and gid too???)
|
||||
|
||||
13) Add -g group/gid option.
|
||||
|
||||
@@ -35,6 +41,8 @@ TODO list (most will be addressed in the next rewrite)
|
||||
pete ALL=PASSWD [A-z]*,!PASSWD root
|
||||
where PASSWD was defined to be /usr/bin/passwd.
|
||||
This requires the arg parsing to happen in the yacc grammer.
|
||||
At the very least, commands and args have to become separate
|
||||
tokens in the lexer.
|
||||
|
||||
15) Add a per-tty restriction? Ie: only can run foo from /dev/console.
|
||||
|
||||
@@ -45,9 +53,18 @@ TODO list (most will be addressed in the next rewrite)
|
||||
18) An option to make "sudo -s" use the target user's shell might be nice
|
||||
(and more like su).
|
||||
|
||||
19) Sudo should have a separate error message for when the user is in sudoers
|
||||
but not allowed to run stuff on that host, and send mail.
|
||||
19) Use getrlimit() in preference to getconf()/getdtablesize().
|
||||
|
||||
20) Use getrlimit() in preference to getconf()
|
||||
20) Add configure option to enable old behavior of visudo (O_EXCL)?
|
||||
--without-sudoers-lock?
|
||||
|
||||
21) Include a syslog.conf sample
|
||||
21) Profile sudo again (is the yacc grammar optimal?)
|
||||
|
||||
22) Zero out encrypted passwords after use. Use an Exit function or
|
||||
some such (have to hook in to emalloc() and friends).
|
||||
Hard (impossible?) to be thorough w/ atexit/on_exit.
|
||||
|
||||
23) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified
|
||||
user.
|
||||
|
||||
24) Use strtol() and strtoul(), not atoi()?
|
||||
|
||||
Reference in New Issue
Block a user