[Bug 2142721] Re: sudo-rs echos * for every character typed breaking historical security measures older than I am

Thu Feb 26 16:08:20 UTC 2026

While I can see the usefulness for _new_ users, people who upgrade
should not have defaults changed in unexpected ways.

uutils has an entire test suite to pass, so I figure at least it'll work
itself out in time.

This is a wholly different beast, password security.

While it is expected for GUI password fields to present circles or stars
for each character typed, it NEVER has been expected on a console.

New installs could present a user whether or not they want CLI password
security, and set this.

The upgrade should not implicitly decide to change over 45 years of
precedence. Instead of saying "upgraders, CHANGE YOUR SUDOERS", simply
set the default to pwfeedback in the distributed sudoers file.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2142721

Title:
  sudo-rs echos * for every character typed breaking historical security
  measures older than I am

Status in rust-sudo-rs package in Ubuntu:
  Won't Fix

Bug description:
  Just upgraded 26.04 amd64v3 to sudo-rs 0.2.12-0ubuntu1

  Before this upgrade, as expected, typing a password in a terminal
  echos NOTHING.

  After this upgrade, I get STARS ECHOED.

  WHY?!

  This goes against DECADES of NOT ECHOING THE LENGTH OF THE PASSWORD TO
  SHOULDER SURFERS.

  FIX THIS.

  mike at Ljomi:~$ sudo fuck
  [sudo: authenticate] Password:                                        
  sudo: Authentication failed, try again.
  [sudo: authenticate] Password: *******************************************

  ProblemType: Bug
  DistroRelease: Ubuntu 26.04
  Package: sudo-rs 0.2.12-0ubuntu1
  ProcVersionSignature: Ubuntu 6.18.0-9.9-generic 6.18.5
  Uname: Linux 6.18.0-9-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.33.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: KDE
  Date: Wed Feb 25 18:52:14 2026
  InstallationDate: Installed on 2024-05-10 (656 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
  RebootRequiredPkgs: Error: path contained symlinks.
  SourcePackage: rust-sudo-rs
  Sudoers:
   Error: command ['pkexec', '/bin/cat', '/etc/sudoers'] failed with exit code 127: Error executing command as another user: Not authorized

   This incident has been reported.
  UpgradeStatus: Upgraded to resolute on 2026-01-19 (38 days ago)
  VisudoCheck:
   Error: command ['pkexec', '/usr/sbin/visudo', '-c'] failed with exit code 127: Error executing command as another user: Not authorized

   This incident has been reported.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rust-sudo-rs/+bug/2142721/+subscriptions