← Back to team overview

registry team mailing list archive

[Bug 194472] Re: Entering password in Terminal gives no visual feedback

 

Phillip:

This is not the 'Server Security' team, but the Ubuntu Security team. As
mentioned earlier in this thread, no other applications in the default
server install provide password feedback (eg, console login and ssh).
Therefore, a shoulder surfer cannot obtain the password length via those
applications. If we add password feedback to sudo on the server, then
sudo provides an avenue for enumerating the password length where one
did not exist before. This is undesirable.

"Ubuntu is anyway not the safest server environment with much features enabled by default."
Please file a separate bug with specifics on what you consider to not be safe in a default server install.

-- 
Entering password in Terminal gives no visual feedback
https://bugs.launchpad.net/bugs/194472
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for sudo.