diff options
Diffstat (limited to 'crypto/openssh/TODO')
| -rw-r--r-- | crypto/openssh/TODO | 137 |
1 files changed, 0 insertions, 137 deletions
diff --git a/crypto/openssh/TODO b/crypto/openssh/TODO deleted file mode 100644 index de83000f5759..000000000000 --- a/crypto/openssh/TODO +++ /dev/null @@ -1,137 +0,0 @@ -Programming: -- Grep for 'XXX' comments and fix - -- Link order is incorrect for some systems using Kerberos 4 and AFS. Result - is multiple inclusion of DES symbols. Holger Trapp - <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure - generated link order from: - -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto - to: - -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes - fixing the problem. - -- Write a test program that calls stat() to search for EGD/PRNGd socket - rather than use the (non-portable) "test -S". - -- More platforms for for setproctitle() emulation (testing needed) - -- Handle changing passwords for the non-PAM expired password case - -- Improve PAM support (a pam_lastlog module will cause sshd to exit) - and maybe support alternate forms of authentications like OPIE via - pam? - -- Rework PAM ChallengeResponseAuthentication - - Use kbdint request packet with 0 prompts for informational messages - - Use different PAM service name for kbdint vs regular auth (suggest from - Solar Designer) - - Ability to select which ChallengeResponseAuthentications may be used - and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" - -- Complete Tru64 SIA support - - It looks like we could merge it into the password auth code to cut down - on diff size. Maybe PAM password auth too? - -- Finish integrating kernel-level auditing code for IRIX and SOLARIS - (Gilbert.r.loomis@saic.com) - -- sftp-server: Rework to step down to 32bit ints if the platform - lacks 'long long' == 64bit (Notable SCO w/ SCO compiler) - -- Linux hangs for 20 seconds when you do "sleep 20&exit". All current - solutions break scp or leaves processes hanging around after the ssh - connection has ended. It seems to be linked to two things. One - select() under Linux is not as nice as others, and two the children - of the shell are not killed on exiting the shell. - A short run-down of what happens: - - The shell starts up, and starts its own session. As a side-effect, it - gets its own process group. - - The child forks off sleep, and because it's in the background, puts it - into its own process group. The sleep command inherits a copy of the - shell's descriptor for the tty as its stdout. - - The shell exits, but doesn't SIGHUP all of its child PIDs like it probably - should(?) - - The sshd server attempts to read from the master side of the pty, and - while there are still process with the pty open, no EOF is produced. - - The sleep command exits, closes its descriptor, sshd detects the EOF, and - the connection gets closed. - Ways we've tried fixing this in sshd, and why they didn't work out: - - SIGHUP the sshd's process group. - - The shell is in its own process group. - - Track process group IDs of all children before we reap them (via an extra - field in Session structures which holds the pgid for each child pid), and - SIGHUP the pgid when we reap. - - Background commands are in yet another process group. - - Close the connection when the child dies. - - Background commands may need to write data to the connection. Also - prematurely truncates output from some commands (scp server, the - famous "dd if=/dev/zero bs=1000 count=100" case). - Known workarounds: - - bash: shopt huponexit on - - tcsh: none - - zsh: setopt HUP (usually the default setting) - (taken from email from Jason Stone to openssh-unix-dev, 5 May 2001) - - pdksh: ? - This appears to affect NetKit rsh under Linux as well: it behaves the same - with 'sleep 20 & exit'. - -- Build an automated test suite - -- 64-bit builds on HP-UX 11.X (stevesk@pobox.com): - - utmp/wtmp get corrupted (something in loginrec?) - - can't build with PAM (no 64-bit libpam yet) - -Documentation: -- More and better - -- Install FAQ? - -- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it - would be best to use them. - -- Create a Documentation/ directory? - -Clean up configure/makefiles: -- Clean up configure.ac - There are a few double #defined variables - left to do. HAVE_LOGIN is one of them. Consider NOT looking for - information in wtmpx or utmpx or any of that stuff if it's not detected - from the start - -- Fails to compile when cross compile. - (vinschen@redhat.com) - -- Replace the whole u_intXX_t evilness in acconfig.h with something better??? - - Do it in configure.ac - -- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test - to allow people to (right/wrongfully) link against Bind directly. - -- Consider splitting configure.ac into seperate files which do logically - similar tests. E.g move all the type detection stuff into one file, - entropy related stuff into another. - -Packaging: -- Solaris: Update packaging scripts and build new sysv startup scripts - Ideally the package metadata should be generated by autoconf. - (gilbert.r.loomis@saic.com) - -- HP-UX: Provide DEPOT package scripts. - (gilbert.r.loomis@saic.com) - - -PrivSep Issues: -- mmap() issues. - + /dev/zero solution (Solaris) - + No/broken MAP_ANON (Irix) - + broken /dev/zero parse (Linux) -- PAM - + See above PAM notes -- AIX - + usrinfo() does not set TTY, but only required for legicy systems. Works - with PrivSep. -- OSF - + SIA is broken -- Cygwin - + Privsep for Pre-auth only (no fd passing) - -$Id: TODO,v 1.53 2003/01/12 23:00:34 djm Exp $ |