TODO revision 113908
Programming:
- Grep for 'XXX' comments and fix

- Link order is incorrect for some systems using Kerberos 4 and AFS. Result
  is multiple inclusion of DES symbols. Holger Trapp
  <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure
  generated link order from:
        -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto
  to:
        -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes
  fixes the problem.

- Write a test program that calls stat() to search for EGD/PRNGd socket
  rather than use the (non-portable) "test -S".

- More platforms for setproctitle() emulation (testing needed)

- Handle changing passwords for the non-PAM expired password case

- Improve PAM support (a pam_lastlog module will cause sshd to exit)
  and maybe support alternate forms of authentication like OPIE via
  pam?

- Rework PAM ChallengeResponseAuthentication
 - Use kbdint request packet with 0 prompts for informational messages
 - Use different PAM service name for kbdint vs regular auth (suggestion from
   Solar Designer)
 - Ability to select which ChallengeResponseAuthentications may be used
   and order to try them in e.g. "ChallengeResponseAuthentication skey, pam"

- Complete Tru64 SIA support
 - It looks like we could merge it into the password auth code to cut down
   on diff size. Maybe PAM password auth too?

- Finish integrating kernel-level auditing code for IRIX and SOLARIS
  (Gilbert.r.loomis@saic.com)

- sftp-server: Rework to step down to 32bit ints if the platform
  lacks 'long long' == 64bit (Notably SCO w/ SCO compiler)

- Linux hangs for 20 seconds when you do "sleep 20&exit". All current
  solutions break scp or leave processes hanging around after the ssh
  connection has ended. It seems to be linked to two things. One,
  select() under Linux is not as nice as others, and two, the children
  of the shell are not killed on exiting the shell.
  A short run-down of what happens:
  - The shell starts up, and starts its own session. As a side-effect, it
    gets its own process group.
  - The child forks off sleep, and because it's in the background, puts it
    into its own process group. The sleep command inherits a copy of the
    shell's descriptor for the tty as its stdout.
  - The shell exits, but doesn't SIGHUP all of its child PIDs like it probably
    should(?)
  - The sshd server attempts to read from the master side of the pty, and
    while there are still processes with the pty open, no EOF is produced.
  - The sleep command exits, closes its descriptor, sshd detects the EOF, and
    the connection gets closed.
  Ways we've tried fixing this in sshd, and why they didn't work out:
  - SIGHUP the sshd's process group.
    - The shell is in its own process group.
  - Track process group IDs of all children before we reap them (via an extra
    field in Session structures which holds the pgid for each child pid), and
    SIGHUP the pgid when we reap.
    - Background commands are in yet another process group.
  - Close the connection when the child dies.
    - Background commands may need to write data to the connection. Also
      prematurely truncates output from some commands (scp server, the
      famous "dd if=/dev/zero bs=1000 count=100" case).
  Known workarounds:
  - bash: shopt huponexit on
  - tcsh: none
  - zsh: setopt HUP (usually the default setting)
    (taken from email from Jason Stone to openssh-unix-dev, 5 May 2001)
  - pdksh: ?
  This appears to affect NetKit rsh under Linux as well: it behaves the same
  with 'sleep 20 & exit'.

- Build an automated test suite

- 64-bit builds on HP-UX 11.X (stevesk@pobox.com):
  - utmp/wtmp get corrupted (something in loginrec?)
  - can't build with PAM (no 64-bit libpam yet)

Documentation:
- More and better

- Install FAQ?

- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
  would be best to use them.

- Create a Documentation/ directory?

Clean up configure/makefiles:
- Clean up configure.ac - There are a few double #defined variables
  left to do. HAVE_LOGIN is one of them. Consider NOT looking for
  information in wtmpx or utmpx or any of that stuff if it's not detected
  from the start

- Fails to compile when cross-compiling.
  (vinschen@redhat.com)

- Replace the whole u_intXX_t evilness in acconfig.h with something better???
  - Do it in configure.ac

- Consider splitting the u_intXX_t test for sys/bitype.h into separate test
  to allow people to (right/wrongfully) link against Bind directly.

- Consider splitting configure.ac into separate files which do logically
  similar tests. E.g. move all the type detection stuff into one file,
  entropy related stuff into another.

Packaging:
- Solaris: Update packaging scripts and build new sysv startup scripts
  Ideally the package metadata should be generated by autoconf.
  (gilbert.r.loomis@saic.com)

- HP-UX: Provide DEPOT package scripts.
  (gilbert.r.loomis@saic.com)


PrivSep Issues:
- mmap() issues.
  + /dev/zero solution (Solaris)
  + No/broken MAP_ANON (Irix)
  + broken /dev/zero parse (Linux)
- PAM
  + See above PAM notes
- AIX
  + usrinfo() does not set TTY, but only required for legacy systems. Works
    with PrivSep.
- OSF
  + SIA is broken
- Cygwin
  + Privsep for Pre-auth only (no fd passing)

$Id: TODO,v 1.53 2003/01/12 23:00:34 djm Exp $
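
Added example, not part of this TODO file or of OpenSSH: the run-down under the "sleep 20&exit" item, reproduced on a Linux pty with the caller in sshd's place, next to the huponexit-style workaround. The name master_eof_delay, the 2-second job, and opening the pty through /dev/ptmx with the TIOCSPTLCK and TIOCGPTN ioctls are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
static double now(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec + ts.tv_nsec / 1e9;
}
/* Hypothetical helper, Linux only: caller = sshd on the pty master, child =
 * shell, grandchild = "sleep N &". Returns seconds until the master sees EOF
 * (-1.0 on setup failure). hup_on_exit mimics bash's huponexit workaround. */
double master_eof_delay(unsigned job_secs, int hup_on_exit) {
    int unlock = 0, status, master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    unsigned ptn;
    char slave_name[32], buf[256];
    if (master < 0 || ioctl(master, TIOCSPTLCK, &unlock) < 0 ||
        ioctl(master, TIOCGPTN, &ptn) < 0) return -1.0;
    snprintf(slave_name, sizeof slave_name, "/dev/pts/%u", ptn);
    double start = now();
    pid_t shell = fork();
    if (shell == 0) {
        signal(SIGHUP, SIG_DFL);
        setsid();                              /* own session and process group */
        int slave = open(slave_name, O_RDWR);  /* becomes the controlling tty */
        pid_t job = slave < 0 ? -1 : fork();
        if (job < 0) _exit(127);
        if (job == 0) {                        /* the background job */
            setpgid(0, 0);                     /* job control: its own group */
            dup2(slave, STDOUT_FILENO);        /* tty inherited as stdout */
            sleep(job_secs);
            _exit(0);
        }
        setpgid(job, job);                     /* set from both sides: no race */
        if (hup_on_exit) kill(-job, SIGHUP);
        _exit(0);                              /* shell exits without waiting */
    }
    if (shell < 0 || waitpid(shell, &status, 0) < 0 || status != 0) return -1.0;
    /* Shell is reaped; EOF (EIO on Linux) comes once every slave fd is closed. */
    while (read(master, buf, sizeof buf) > 0) {}
    close(master);
    return now() - start;
}
int main(void) {
    printf("%.2f %.2f\n", master_eof_delay(2, 0), master_eof_delay(2, 1));
}
```

The first figure printed is the stall with the job left holding the tty; the second is the same run with the job sent SIGHUP before the shell exits.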