| Programming: |
| - Grep for 'XXX' comments and fix |
| |
| - Link order is incorrect for some systems using Kerberos 4 and AFS. Result |
| is multiple inclusion of DES symbols. Holger Trapp |
| <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure |
| generated link order from: |
| -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto |
| to: |
| -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes |
| fixing the problem. |
| |
| - Write a test program that calls stat() to search for EGD/PRNGd socket |
| rather than use the (non-portable) "test -S". |
| |
| - More platforms for for setproctitle() emulation (testing needed) |
| |
| - Handle changing passwords for the non-PAM expired password case |
| |
| - Improve PAM support (a pam_lastlog module will cause sshd to exit) |
| and maybe support alternate forms of authentications like OPIE via |
| pam? |
| |
| - Rework PAM ChallengeResponseAuthentication |
| - Use kbdint request packet with 0 prompts for informational messages |
| - Use different PAM service name for kbdint vs regular auth (suggest from |
| Solar Designer) |
| - Ability to select which ChallengeResponseAuthentications may be used |
| and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" |
| |
| - Complete Tru64 SIA support |
| - It looks like we could merge it into the password auth code to cut down |
| on diff size. Maybe PAM password auth too? |
| |
| - Finish integrating kernel-level auditing code for IRIX and SOLARIS |
| (Gilbert.r.loomis@saic.com) |
| |
| - sftp-server: Rework to step down to 32bit ints if the platform |
| lacks 'long long' == 64bit (Notable SCO w/ SCO compiler) |
| |
| - Linux hangs for 20 seconds when you do "sleep 20&exit". All current |
| solutions break scp or leaves processes hanging around after the ssh |
| connection has ended. It seems to be linked to two things. One |
| select() under Linux is not as nice as others, and two the children |
| of the shell are not killed on exiting the shell. |
| A short run-down of what happens: |
| - The shell starts up, and starts its own session. As a side-effect, it |
| gets its own process group. |
| - The child forks off sleep, and because it's in the background, puts it |
| into its own process group. The sleep command inherits a copy of the |
| shell's descriptor for the tty as its stdout. |
| - The shell exits, but doesn't SIGHUP all of its child PIDs like it probably |
| should(?) |
| - The sshd server attempts to read from the master side of the pty, and |
| while there are still process with the pty open, no EOF is produced. |
| - The sleep command exits, closes its descriptor, sshd detects the EOF, and |
| the connection gets closed. |
| Ways we've tried fixing this in sshd, and why they didn't work out: |
| - SIGHUP the sshd's process group. |
| - The shell is in its own process group. |
| - Track process group IDs of all children before we reap them (via an extra |
| field in Session structures which holds the pgid for each child pid), and |
| SIGHUP the pgid when we reap. |
| - Background commands are in yet another process group. |
| - Close the connection when the child dies. |
| - Background commands may need to write data to the connection. Also |
| prematurely truncates output from some commands (scp server, the |
| famous "dd if=/dev/zero bs=1000 count=100" case). |
| Known workarounds: |
| - bash: shopt huponexit on |
| - tcsh: none |
| - zsh: setopt HUP (usually the default setting) |
| (taken from email from Jason Stone to openssh-unix-dev, 5 May 2001) |
| - pdksh: ? |
| This appears to affect NetKit rsh under Linux as well: it behaves the same |
| with 'sleep 20 & exit'. |
| |
| - Build an automated test suite |
| |
| - 64-bit builds on HP-UX 11.X (stevesk@pobox.com): |
| - utmp/wtmp get corrupted (something in loginrec?) |
| - can't build with PAM (no 64-bit libpam yet) |
| |
| Documentation: |
| - More and better |
| |
| - Install FAQ? |
| |
| - General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it |
| would be best to use them. |
| |
| - Create a Documentation/ directory? |
| |
| Clean up configure/makefiles: |
| - Clean up configure.ac - There are a few double #defined variables |
| left to do. HAVE_LOGIN is one of them. Consider NOT looking for |
| information in wtmpx or utmpx or any of that stuff if it's not detected |
| from the start |
| |
| - Fails to compile when cross compile. |
| (vinschen@redhat.com) |
| |
| - Replace the whole u_intXX_t evilness in acconfig.h with something better??? |
| |
| - Consider splitting the u_intXX_t test for sys/bitype.h into seperate test |
| to allow people to (right/wrongfully) link against Bind directly. |
| |
| - Consider splitting configure.ac into seperate files which do logically |
| similar tests. E.g move all the type detection stuff into one file, |
| entropy related stuff into another. |
| |
| Packaging: |
| - Solaris: Update packaging scripts and build new sysv startup scripts |
| Ideally the package metadata should be generated by autoconf. |
| (gilbert.r.loomis@saic.com) |
| |
| - HP-UX: Provide DEPOT package scripts. |
| (gilbert.r.loomis@saic.com) |
| |
| |
| PrivSep Issues: |
| - mmap() issues. |
| + /dev/zero solution (Solaris) |
| + No/broken MAP_ANON (Irix) |
| + broken /dev/zero parse (Linux) |
| - PAM |
| + See above PAM notes |
| - AIX |
| + usrinfo() does not set TTY, but only required for legicy systems. Works |
| with PrivSep. |
| - OSF |
| + SIA is broken |
| - Cygwin |
| + Privsep for Pre-auth only (no fd passing) |
| |
| $Id: TODO,v 1.52 2003/01/09 22:53:12 djm Exp $ |