registry team mailing list archive

Thread
Date

[Bug 194472] Re: Entering password in Terminal gives no visual feedback

To: registry@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Tue, 21 Sep 2010 22:25:13 -0000
Reply-to: Bug 194472 <194472@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Phillip:

This is not the 'Server Security' team, but the Ubuntu Security team. As
mentioned earlier in this thread, no other applications in the default
server install provide password feedback (eg, console login and ssh).
Therefore, a shoulder surfer cannot obtain the password length via those
applications. If we add password feedback to sudo on the server, then
sudo provides an avenue for enumerating the password length where one
did not exist before. This is undesirable.

"Ubuntu is anyway not the safest server environment with much features enabled by default."
Please file a separate bug with specifics on what you consider to not be safe in a default server install.

-- 
Entering password in Terminal gives no visual feedback
https://bugs.launchpad.net/bugs/194472
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for sudo.