sync
This commit is contained in:
Todd C. Miller
103
TODO
103
TODO
@@ -18,145 +18,140 @@ TODO list (most will be addressed in sudo 2.0)
|
||||
after doing the stat to guard against spoofing. This should avoid
|
||||
the race condition caused by going through namei() twice...
|
||||
|
||||
08) Make runas_user a struct "runas" with user and group components.
|
||||
(maybe uid and gid too???)
|
||||
|
||||
09) Should be able to mix Cmnd_Alias's and command args. Ie:
|
||||
08) Should be able to mix Cmnd_Alias's and command args. Ie:
|
||||
pete ALL=PASSWD [A-z]*,!PASSWD root
|
||||
where PASSWD was defined to be /usr/bin/passwd.
|
||||
This requires the arg parsing to happen in the yacc grammer.
|
||||
At the very least, commands and args have to become separate
|
||||
tokens in the lexer.
|
||||
|
||||
10) Add a per-tty restriction? Ie: only can run foo from /dev/console.
|
||||
09) Add a per-tty restriction? Ie: only can run foo from /dev/console.
|
||||
|
||||
11) Add test for how to read ether interfaces in configure script
|
||||
10) Add test for how to read ether interfaces in configure script
|
||||
|
||||
12) Use strtol() and strtoul(), not atoi()
|
||||
11) Use strtol() and strtoul(), not atoi()
|
||||
|
||||
13) Implement date_format and log_format options.
|
||||
12) Implement date_format and log_format options.
|
||||
|
||||
14) Add support for: Default:user@host
|
||||
13) Add support for: Default:user@host
|
||||
|
||||
15) Some people want to be able to specify a special password in sudoers
|
||||
14) Some people want to be able to specify a special password in sudoers
|
||||
in addition or instead of the normal one. The best argument for
|
||||
this so far is to be able to use separate passwords for the
|
||||
target users that are not the passwd file ones.
|
||||
|
||||
16) Add support for trusted users. E.g. allow user to run a certain
|
||||
15) Add support for trusted users. E.g. allow user to run a certain
|
||||
command regardless of what dir it is in if it is owned by the
|
||||
trusted user.
|
||||
|
||||
17) Add a flag similar to '-l' but that spits out sudo commands in
|
||||
16) Add a flag similar to '-l' but that spits out sudo commands in
|
||||
a format suitable for cut & paste into sudoers.
|
||||
|
||||
18) Someone wants a recursive version of the dir specifier. Ie:
|
||||
17) Someone wants a recursive version of the dir specifier. Ie:
|
||||
SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run.
|
||||
|
||||
19) An option to set the shell to the target user would make sense.
|
||||
18) An option to set the shell to the target user would make sense.
|
||||
See other target user-related issues above.
|
||||
|
||||
20) Add an option (-D) to dump the defaults after the sudoers file
|
||||
19) Add an option (-D) to dump the defaults after the sudoers file
|
||||
has been parsed. Should only be available to root and should
|
||||
allow a -u user modifier. Maybe dump all of sudoers?
|
||||
|
||||
21) Allow /etc/sudoers to be a symlink but require the parent dir to
|
||||
20) Allow /etc/sudoers to be a symlink but require the parent dir to
|
||||
be root-owned and not writable by anything else. Should really
|
||||
traverse the tree to the root doing this.
|
||||
|
||||
22) Improve interfaces.c STREAMS code (see ntpd's ntp_io.c for hints)
|
||||
21) Improve interfaces.c STREAMS code (see ntpd's ntp_io.c for hints)
|
||||
|
||||
23) Wildcard support for user and group names? (netgroup too?)
|
||||
22) Wildcard support for user and group names? (netgroup too?)
|
||||
|
||||
24) If root_sudo is off, still allow sudo -u to non-root users?
|
||||
23) If root_sudo is off, still allow sudo -u to non-root users?
|
||||
|
||||
25) Parse gids like %#0
|
||||
|
||||
26) For AIX, use setpenv() and setpcred() if they exist
|
||||
24) For AIX, use setpenv() and setpcred() if they exist
|
||||
http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf2/setpenv.htm
|
||||
http://publib16.boulder.ibm.com/pseries/en_US/libs/basetrf2/setpcred.htm
|
||||
|
||||
27) Add an insult_path variable that is intialized to "builtin" but that
|
||||
25) Add an insult_path variable that is intialized to "builtin" but that
|
||||
can point to other files containing an insult count as the first
|
||||
line and that have a constant record length (sparse files) for
|
||||
easy seeking.
|
||||
|
||||
28) Some way of using a new pty for the program run via sudo would prevent
|
||||
26) Some way of using a new pty for the program run via sudo would prevent
|
||||
access to the caller's /dev/tty (but probably makes job control tricky).
|
||||
|
||||
29) Maybe have a database of checksums that commands are verified against.
|
||||
27) Maybe have a database of checksums that commands are verified against.
|
||||
Basically replace the st_ino/st_dev check with a checksum lookup.
|
||||
|
||||
30) Look into testing writability of a file via sudoedit *before* doing
|
||||
28) Look into testing writability of a file via sudoedit *before* doing
|
||||
the edit; e.g., try opening with O_APPEND.
|
||||
|
||||
31) Add Makefile.in bits to autogenerate Solaris and Irix packages
|
||||
29) Add Makefile.in bits to autogenerate Solaris and Irix packages
|
||||
|
||||
32) Add a session mode where sudo allocates a pty and logs everything
|
||||
30) Add a session mode where sudo allocates a pty and logs everything
|
||||
that occurs ala script(1).
|
||||
|
||||
33) Use pam_open_session() and pam_close_session() (requires a persistent
|
||||
31) Use pam_open_session() and pam_close_session() (requires a persistent
|
||||
sudo process to call pam_close_session()). Maybe add xauth support for
|
||||
the non-pam case?
|
||||
|
||||
34) Add substitution mechanism in sudoers to subst, e.g. editors for sudoedit
|
||||
32) Add substitution mechanism in sudoers to subst, e.g. editors for sudoedit
|
||||
|
||||
35) Move prototypes to extern.h?
|
||||
33) Move prototypes to extern.h?
|
||||
|
||||
36) Get rid of VALIDATE_NOT_OK and just set/clear VALIDATE_OK
|
||||
34) Get rid of VALIDATE_NOT_OK and just set/clear VALIDATE_OK
|
||||
|
||||
37) visudo -c should also sanity check aliases
|
||||
35) visudo -c should also sanity check aliases
|
||||
|
||||
38) Use AC_CHECK_DECLS for systems w/o proper prototypes? Maybe errno too?
|
||||
36) Use AC_CHECK_DECLS for systems w/o proper prototypes? Maybe errno too?
|
||||
|
||||
39) Flesh out testsudoers and fix glob/opendir issues. Use custom netgroup
|
||||
37) Flesh out testsudoers and fix glob/opendir issues. Use custom netgroup
|
||||
code too?
|
||||
|
||||
40) Think some more about giving admins a way to test commands for a user
|
||||
38) Think some more about giving admins a way to test commands for a user
|
||||
on a specific host with a different sudoers file.
|
||||
|
||||
41) Add nsswitch.conf parsing to LDAP support.
|
||||
39) Add nsswitch.conf parsing to LDAP support.
|
||||
|
||||
42) Refactor duplicated code in ldap.c into wrapper functions.
|
||||
40) Refactor duplicated code in ldap.c into wrapper functions.
|
||||
|
||||
43) Return command from command_matches() instead of setting safe_cmnd directly.
|
||||
41) Return command from command_matches() instead of setting safe_cmnd directly.
|
||||
|
||||
44) Roll visudo into sudo ala sudoedit.
|
||||
42) Roll visudo into sudo ala sudoedit.
|
||||
|
||||
45) Add ticket file to ticket dir in non-tty tickets case so we
|
||||
43) Add ticket file to ticket dir in non-tty tickets case so we
|
||||
can mix tty and non-tty ticket schemes.
|
||||
|
||||
46) Use ldap_get_values_len() instead of ldap_get_values() for
|
||||
44) Use ldap_get_values_len() instead of ldap_get_values() for
|
||||
OpenLDAP (what about others?)
|
||||
|
||||
47) Add support for NOEXEC w/ 64-bit AIX executables.
|
||||
45) Add support for NOEXEC w/ 64-bit AIX executables.
|
||||
http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.xlf91a.doc/xlfug/comp64.htm
|
||||
|
||||
48) Revisit debian fqdn diffs.
|
||||
46) Revisit debian fqdn diffs.
|
||||
|
||||
49) Add gettext() support. Can borrow some translations from PAM.
|
||||
47) Add gettext() support. Can borrow some translations from PAM.
|
||||
|
||||
50) Convert the other capitalized files into .pod so we can get decent html
|
||||
48) Convert the other capitalized files into .pod so we can get decent html
|
||||
form them? E.g. README, etc. E.g.
|
||||
pod2text -l -i0 history.pod > HISTORY
|
||||
pod2html --noindex history.pod > history.html
|
||||
|
||||
51) Use mkstemp() for visudo temp files? Also re-examine locking.
|
||||
49) Use mkstemp() for visudo temp files? Also re-examine locking.
|
||||
|
||||
52) Add SSL support for ldap, see http://docs.sun.com/source/816-5616-10/ssl.htm#12979 and enablefor "ssl on"
|
||||
50) Run sudo thorugh valgrind
|
||||
|
||||
53) Run sudo thorugh valgrind
|
||||
|
||||
54) Make -a and -c options in sudo.pod only visible when available.
|
||||
51) Make -a and -c options in sudo.pod only visible when available.
|
||||
Could use an nroff register combines with configure substitute magic.
|
||||
Note that configure substitution runs on the .man.in file not the
|
||||
.pod file.
|
||||
|
||||
55) Consolidate line wrap code.
|
||||
52) Consolidate line wrap code.
|
||||
|
||||
56) How can we distinguish between a bare '\\' and one that is escaping
|
||||
53) How can we distinguish between a bare '\\' and one that is escaping
|
||||
glob chars? Right now we convert \\ -> \ in the lexer which
|
||||
causes the confusion.
|
||||
|
||||
57) For LDAP entries, should be able to parse the per-command options
|
||||
54) For LDAP entries, should be able to parse the per-command options
|
||||
since they may affect the outcome (e.g. default_runas).
|
||||
|
||||
55) Better LDAP documention. Perhaps a sudo-ldap man page.
|
||||
|
||||
Reference in New Issue
Block a user