diff options
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 80 |
1 files changed, 21 insertions, 59 deletions
| @@ -1,4 +1,19 @@ | |||
| 1 | Documentation: | ||
| 2 | |||
| 3 | - Update the docs | ||
| 4 | - Update README | ||
| 5 | - Update INSTALL | ||
| 6 | - Merge INSTALL & README.privsep | ||
| 7 | |||
| 8 | - Install FAQ? | ||
| 9 | |||
| 10 | - General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it | ||
| 11 | would be best to use them. | ||
| 12 | |||
| 13 | - Create a Documentation/ directory? | ||
| 14 | |||
| 1 | Programming: | 15 | Programming: |
| 16 | |||
| 2 | - Grep for 'XXX' comments and fix | 17 | - Grep for 'XXX' comments and fix |
| 3 | 18 | ||
| 4 | - Link order is incorrect for some systems using Kerberos 4 and AFS. Result | 19 | - Link order is incorrect for some systems using Kerberos 4 and AFS. Result |
| @@ -21,8 +36,9 @@ Programming: | |||
| 21 | and maybe support alternate forms of authentications like OPIE via | 36 | and maybe support alternate forms of authentications like OPIE via |
| 22 | pam? | 37 | pam? |
| 23 | 38 | ||
| 24 | - Rework PAM ChallengeResponseAuthentication | 39 | - Improve PAM ChallengeResponseAuthentication |
| 25 | - Use kbdint request packet with 0 prompts for informational messages | 40 | - Informational messages |
| 41 | - chauthtok | ||
| 26 | - Use different PAM service name for kbdint vs regular auth (suggest from | 42 | - Use different PAM service name for kbdint vs regular auth (suggest from |
| 27 | Solar Designer) | 43 | Solar Designer) |
| 28 | - Ability to select which ChallengeResponseAuthentications may be used | 44 | - Ability to select which ChallengeResponseAuthentications may be used |
| @@ -35,70 +51,17 @@ Programming: | |||
| 35 | - Finish integrating kernel-level auditing code for IRIX and SOLARIS | 51 | - Finish integrating kernel-level auditing code for IRIX and SOLARIS |
| 36 | (Gilbert.r.loomis@saic.com) | 52 | (Gilbert.r.loomis@saic.com) |
| 37 | 53 | ||
| 38 | - sftp-server: Rework to step down to 32bit ints if the platform | ||
| 39 | lacks 'long long' == 64bit (Notable SCO w/ SCO compiler) | ||
| 40 | |||
| 41 | - Linux hangs for 20 seconds when you do "sleep 20&exit". All current | ||
| 42 | solutions break scp or leaves processes hanging around after the ssh | ||
| 43 | connection has ended. It seems to be linked to two things. One | ||
| 44 | select() under Linux is not as nice as others, and two the children | ||
| 45 | of the shell are not killed on exiting the shell. | ||
| 46 | A short run-down of what happens: | ||
| 47 | - The shell starts up, and starts its own session. As a side-effect, it | ||
| 48 | gets its own process group. | ||
| 49 | - The child forks off sleep, and because it's in the background, puts it | ||
| 50 | into its own process group. The sleep command inherits a copy of the | ||
| 51 | shell's descriptor for the tty as its stdout. | ||
| 52 | - The shell exits, but doesn't SIGHUP all of its child PIDs like it probably | ||
| 53 | should(?) | ||
| 54 | - The sshd server attempts to read from the master side of the pty, and | ||
| 55 | while there are still process with the pty open, no EOF is produced. | ||
| 56 | - The sleep command exits, closes its descriptor, sshd detects the EOF, and | ||
| 57 | the connection gets closed. | ||
| 58 | Ways we've tried fixing this in sshd, and why they didn't work out: | ||
| 59 | - SIGHUP the sshd's process group. | ||
| 60 | - The shell is in its own process group. | ||
| 61 | - Track process group IDs of all children before we reap them (via an extra | ||
| 62 | field in Session structures which holds the pgid for each child pid), and | ||
| 63 | SIGHUP the pgid when we reap. | ||
| 64 | - Background commands are in yet another process group. | ||
| 65 | - Close the connection when the child dies. | ||
| 66 | - Background commands may need to write data to the connection. Also | ||
| 67 | prematurely truncates output from some commands (scp server, the | ||
| 68 | famous "dd if=/dev/zero bs=1000 count=100" case). | ||
| 69 | Known workarounds: | ||
| 70 | - bash: shopt huponexit on | ||
| 71 | - tcsh: none | ||
| 72 | - zsh: setopt HUP (usually the default setting) | ||
| 73 | (taken from email from Jason Stone to openssh-unix-dev, 5 May 2001) | ||
| 74 | - pdksh: ? | ||
| 75 | This appears to affect NetKit rsh under Linux as well: it behaves the same | ||
| 76 | with 'sleep 20 & exit'. | ||
| 77 | |||
| 78 | - Build an automated test suite | ||
| 79 | |||
| 80 | - 64-bit builds on HP-UX 11.X (stevesk@pobox.com): | 54 | - 64-bit builds on HP-UX 11.X (stevesk@pobox.com): |
| 81 | - utmp/wtmp get corrupted (something in loginrec?) | 55 | - utmp/wtmp get corrupted (something in loginrec?) |
| 82 | - can't build with PAM (no 64-bit libpam yet) | 56 | - can't build with PAM (no 64-bit libpam yet) |
| 83 | 57 | ||
| 84 | Documentation: | ||
| 85 | - More and better | ||
| 86 | |||
| 87 | - Install FAQ? | ||
| 88 | |||
| 89 | - General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it | ||
| 90 | would be best to use them. | ||
| 91 | |||
| 92 | - Create a Documentation/ directory? | ||
| 93 | |||
| 94 | Clean up configure/makefiles: | 58 | Clean up configure/makefiles: |
| 95 | - Clean up configure.ac - There are a few double #defined variables | 59 | - Clean up configure.ac - There are a few double #defined variables |
| 96 | left to do. HAVE_LOGIN is one of them. Consider NOT looking for | 60 | left to do. HAVE_LOGIN is one of them. Consider NOT looking for |
| 97 | information in wtmpx or utmpx or any of that stuff if it's not detected | 61 | information in wtmpx or utmpx or any of that stuff if it's not detected |
| 98 | from the start | 62 | from the start |
| 99 | 63 | ||
| 100 | - Fails to compile when cross compile. | 64 | - Fails to compile when cross compile. (vinschen@redhat.com) |
| 101 | (vinschen@redhat.com) | ||
| 102 | 65 | ||
| 103 | - Replace the whole u_intXX_t evilness in acconfig.h with something better??? | 66 | - Replace the whole u_intXX_t evilness in acconfig.h with something better??? |
| 104 | - Do it in configure.ac | 67 | - Do it in configure.ac |
| @@ -118,7 +81,6 @@ Packaging: | |||
| 118 | - HP-UX: Provide DEPOT package scripts. | 81 | - HP-UX: Provide DEPOT package scripts. |
| 119 | (gilbert.r.loomis@saic.com) | 82 | (gilbert.r.loomis@saic.com) |
| 120 | 83 | ||
| 121 | |||
| 122 | PrivSep Issues: | 84 | PrivSep Issues: |
| 123 | - mmap() issues. | 85 | - mmap() issues. |
| 124 | + /dev/zero solution (Solaris) | 86 | + /dev/zero solution (Solaris) |
| @@ -127,11 +89,11 @@ PrivSep Issues: | |||
| 127 | - PAM | 89 | - PAM |
| 128 | + See above PAM notes | 90 | + See above PAM notes |
| 129 | - AIX | 91 | - AIX |
| 130 | + usrinfo() does not set TTY, but only required for legicy systems. Works | 92 | + usrinfo() does not set TTY, but only required for legacy systems. Works |
| 131 | with PrivSep. | 93 | with PrivSep. |
| 132 | - OSF | 94 | - OSF |
| 133 | + SIA is broken | 95 | + SIA is broken |
| 134 | - Cygwin | 96 | - Cygwin |
| 135 | + Privsep for Pre-auth only (no fd passing) | 97 | + Privsep for Pre-auth only (no fd passing) |
| 136 | 98 | ||
| 137 | $Id: TODO,v 1.53 2003/01/12 23:00:34 djm Exp $ | 99 | $Id: TODO,v 1.55 2003/06/11 13:56:41 dtucker Exp $ |