$Id: PROBLEMS,v 1.2 2002/05/22 01:22:33 hbo Exp $

Sudoscript is not a perfect solution to the problem of
maintaining an audit trail of root access. It's a compromise
solution to that problem. 

One set of weaknesses has to do with the use of
script(1). Logs produced by this standard Unix command are
quite ugly. This is because script(1) passes all terminal
input and output through to the typescript without any
filtering. On the input side, this means that all control
characters typed by the user appear in the typescript. Any
special characters embedded in the user's prompt also show
up. On the output side, programs like vi that use terminal
capabilities to draw their screens will make a massive hash of
the typescript output.

The following small shell script from the Unix Power Tools
collection uses sed to filter a typescript for common input
control characters:

  #!/bin/sh
  # Public domain.

  # Put CTRL-M in $m and CTRL-H in $b.
  # Change \010 to \177 if you use DEL for erasing.
  eval `echo m=M b=H | tr 'MH' '\015\010'`

  exec sed "s/$m\$//
  :x
  s/[^$b]$b//
  t x" $*

This very simple and rudimentary script actually goes a long
way toward making typescript logs readable, as long as the
user doesn't type 'vi'. I considered and rejected doing
something like this in sudoscriptd. One reason is that the
daemon needs to service the FIFO quickly to avoid dropping
data. But the main reason is I am reluctant to remove data
from a security log. The upshot is you will need to
post-process /var/log/sudoscript to get something useful from
it.
