sudo password non standard? visible in emacs shell
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| sudo (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: sudo
I see that recently instead of just asking for a password, sudo shows:
[sudo] password for username:
(where username is the current user)
I upgraded from 6.06 to 6.10 and then from 6.10 to 7.10 so I'm not sure when this began.
I'm guessing this is done so users are not confused which password they are asked for. (Although, if you ask me, sudo-enabled account holders better know what they are doing). This is perhaps nice.
However, it apparently is not done correctly (and I'm not exactly sure of the technical details), because when used within emacs shell (envoked via "M-x shell") the password appears in plain text in the shell unlike the usual appearance as dots in the emacs minibuffer.
Please fix this! I mark it as security vulberability since it is exposing my pass in clear text.
| kmt (kmt-ftml) wrote | #1 |
Now I see that this is related to:
https:/
and
https:/
and may have been fixed. If so shouldn't the new version be pushed to users immediately?