path: root/TODO

TODO list (most will be addressed in the next rewrite)

01) Redo parsing to be more like op(8) with true command aliases where
    can specify uid, gid(s) and part/all of the environment.

02) Add default options to sudoers file (umask, def uid, def gids, dir, PATH).

03) Add a SHELLS reserved word that checks against /etc/shells.

04) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo.

05) Add a -h (?) flag to sudo for a history mechanism.

06) Add an option to hard-code LD_LIBRARY_PATH?

07) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).

08) check for <net/errno.h> in configure and include it in sudo.c if it exists.

09) Add generic STREAMS support for getting interfaces and netmasks.

10) Add support for "safe scripts" by checking for shell script
    cookie (first two bytes are "#!") and execing the shell outselves
    after doing the stat to guard against spoofing.  This should avoid
    the race condition caused by going through namei() twice...

11) Overhaul testsudoers to use parse.o so we don't reimplement things.

12) Make runas_user a struct "runas" with user and group components.
    (make uid and gid too???)

13) Add -g group/gid option.

14) Should be able to mix Cmnd_Alias's and command args.  Ie:
	pete   ALL=PASSWD [A-z]*,!PASSWD root
    where PASSWD was defined to be /usr/bin/passwd.
    This requires the arg parsing to happen in the yacc grammer.

15) Add a per-tty restriction?  Ie: only can run foo from /dev/console.

16) Add test for how to read ether interfaces in configure script

17) Add configure check for $(CC) -R and use it in addition to -L

18) An option to make "sudo -s" use the target user's shell might be nice
    (and more like su).

19) Sudo should have a separate error message for when the user is in sudoers
    but not allowed to run stuff on that host, and send mail.

20) Use getrlimit() in preference to getconf()

21) Include a syslog.conf sample