[Bug 2142721] Re: sudo-rs echos * for every character typed breaking historical security measures older than I am

Seth Arnold 2142721 at bugs.launchpad.net
Tue Mar 3 21:14:51 UTC 2026 

Please note, unless you've got a *very* unique setup, anyone who is
close enough to see see asterisks on your screen is also close enough to
hear your typing (perhaps even with the same telephoto lens), see your
screen wobble, and so on.

Furthermore, the password length should not matter for your security. If
it does, your password is too short or your PBKDF is too easy. Increase
lengths or costs as appropriate.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2142721

Title:
  sudo-rs echos * for every character typed breaking historical security
  measures older than I am

Status in rust-sudo-rs package in Ubuntu:
  Won't Fix

Bug description:
  Just upgraded 26.04 amd64v3 to sudo-rs 0.2.12-0ubuntu1

  Before this upgrade, as expected, typing a password in a terminal
  echos NOTHING.

  After this upgrade, I get STARS ECHOED.

  WHY?!

  This goes against DECADES of NOT ECHOING THE LENGTH OF THE PASSWORD TO
  SHOULDER SURFERS.

  FIX THIS.

  mike at Ljomi:~$ sudo fuck
  [sudo: authenticate] Password:                                        
  sudo: Authentication failed, try again.
  [sudo: authenticate] Password: *******************************************

  ProblemType: Bug
  DistroRelease: Ubuntu 26.04
  Package: sudo-rs 0.2.12-0ubuntu1
  ProcVersionSignature: Ubuntu 6.18.0-9.9-generic 6.18.5
  Uname: Linux 6.18.0-9-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.33.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: KDE
  Date: Wed Feb 25 18:52:14 2026
  InstallationDate: Installed on 2024-05-10 (656 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
  RebootRequiredPkgs: Error: path contained symlinks.
  SourcePackage: rust-sudo-rs
  Sudoers:
   Error: command ['pkexec', '/bin/cat', '/etc/sudoers'] failed with exit code 127: Error executing command as another user: Not authorized
   
   This incident has been reported.
  UpgradeStatus: Upgraded to resolute on 2026-01-19 (38 days ago)
  VisudoCheck:
   Error: command ['pkexec', '/usr/sbin/visudo', '-c'] failed with exit code 127: Error executing command as another user: Not authorized
   
   This incident has been reported.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rust-sudo-rs/+bug/2142721/+subscriptions

More information about the foundations-bugs mailing list