TODO list (most will be addressed in the next rewrite)

01) Redo parsing to be more like op(8) with true command aliases where
    can specify uid, gid(s) and part/all of the environment.

02) Add default options to sudoers file (umask, def uid, def gids, dir, PATH).

03) Add a SHELLS reserved word that checks against /etc/shells.

04) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo.

05) Add a -h (?) flag to sudo for a history mechanism.

06) Make parse.lex in the same coding style as everything else...

07) Add an option to hard-code LD_LIBRARY_PATH?

08) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).

09) Make '!' work in Cmnd_Alias, Host_Alias, User_Alias and runas list.

10) check for <net/errno.h> in configure and include it in sudo.c if it exists.

11) Add generic STREAMS support for getting interfaces and netmasks.

12) Do shadow password detection at runtime like sunos' issecure(3)???
    If so then start using GLOBAL_NO_SPW_ENT again (but rename it).

13) Do all the envariable additions in one fell swoop for efficiency and speed.

14) Catch/ignore signals in sudo?

15) Make -p work with -v and -l in any order.

16) Add support for "safe scripts" by checking for shell script
    cookie (first two bytes are "#!") and execing the shell outselves
    after doing the stat to guard against spoofing.  This should avoid
    the race condition caused by going through namei() twice...

17) Sudo should not allow someone with a nil password to run commands.

18) Overhaul testsudoers to use parse.o so we don't reimplement things.

19) Make runas_user a struct "runas" with user and group components.
    (make uid and gid too???)

20) Add -g group/gid option.

21) Make `sudo -l' output prettier.

22) Should be able to mix Cmnd_Alias's and command args.  Ie:
	pete   ALL=PASSWD [A-z]*,!PASSWD root
    where PASSWD was defined to be /usr/bin/passwd.
    This requires the arg parsing to happen in the yacc grammer.

23) Should be able to set _CONFIG_PATH_TIMEDIR via configure or the Makefile
    so folks with sysV chown can set to a secure location.

24) Add a per-tty restriction?  Ie: only can run foo from /dev/console.

25) Use popen.c instead of rolling own in logging.c
    Need to make popen.c portable first...

26) Add test for how to read ether interfaces in configure script

27) If an OS is capable of using shadow password, try the shadow
    functions first and fallback on getpw*().

28) Add configure check for $(CC) -R and use it in addition to -L

29) Change things in options.h -> --with-FOO options to configure.

30) An option to make "sudo -s" use the target user's shell might be nice
    (and more like su).