blob: c7920b6dc9fa34f3628c20cdd05baff85e59827f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
TODO list
01) Add uid and gid options to sudo and sudoers file.
02) Redo parsing to be more like op(8) with true command aliases where
can specify uid, gid(s) and part/all of the environment.
03) Add default options to sudoers file (umask, def uid, def gids, dir, PATH).
04) Add a SHELLS reserved word that checks against /etc/shells.
05) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo.
06) Add a %h field to MAILSUBJECT for the hostname.
07) Add a -h (?) flag to sudo for a history mechanism.
08) Make parse.lex in the same coding style as everything else...
09) Make -l expand Command Aliases.
10) Add an option to hard-code LD_LIBRARY_PATH?
11) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
12) Make '!' work in Cmnd_Alias, Host_Alias and User_Alias.
13) check for <net/errno.h> in configure and include it in sudo.c if it exists.
14) Add generic STREAMS support for getting interfaces and netmasks.
15) Do shadow password detection at runtime like sunos' issecure(3)???
If so then start using GLOBAL_NO_SPW_ENT again (but rename it).
16) Do all the envariable additions in one fell swoop for efficiency and speed.
17) Catch/ignore signals in sudo?
18) Make -p work with -v and -l in any order.
19) See if having 2 versions of path_matches() (w/ and w/o args) is a win.
20) Remove "register" from vars since gcc can probably do a better job at
optimizing than I can...
21) Add support for "safe scripts" by checking for shell script
cookie (first two bytes are "#!") and execing the shell outselves
after doing the stat to guard against spoofing. This should avoid
the race condition caused by going through namei() twice...
22) Sudo should not allow someone with a nil password to run commands.
23) configure should not check for -lcrypt if it has already been
added to SUDO_LIBS.
|
