[Bug 2142721] Re: sudo-rs echos * for every character typed breaking historical security measures older than I am

Thu Mar 5 07:39:57 UTC 2026

Hey @pqwoerituytrueiwoq (sorry if I am pronouncing your name wrong)!

I added a wishlisted bug for this here:
https://bugs.launchpad.net/ubuntu/+source/sudo-common/+bug/2142864

In response to adding a new file - I do think we should avoid that
approach as it is then unclear who's responsible for it, as
/etc/sudoers.d/ is mostly for *other packages* (or administrators) to
plugin sudoers. Then it possible to have some degree of certainty that
when a package is purged, that file is removed as well. A user created
file would remain until it is manually deleted. Additionally, echoing a
file goes around using `visudo` which means that users may end up with
an invalid config if the line is mistyped.

Mainly, I would argue that the primary change should be to serve in
notifying users that the behavior is intended, and that they can revert
it. I don't think most users need any more guidance provided that they
are aware of the correct setting and recommended way of editing sudoers.
Athough, thanks for the suggestion. Ideas of improvement are still
appreciated and I do not want to discourage that.

All the best,
Simon

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2142721

Title:
  sudo-rs echos * for every character typed breaking historical security
  measures older than I am

Status in rust-sudo-rs package in Ubuntu:
  Won't Fix

Bug description:
  Just upgraded 26.04 amd64v3 to sudo-rs 0.2.12-0ubuntu1

  Before this upgrade, as expected, typing a password in a terminal
  echos NOTHING.

  After this upgrade, I get STARS ECHOED.

  WHY?!

  This goes against DECADES of NOT ECHOING THE LENGTH OF THE PASSWORD TO
  SHOULDER SURFERS.

  FIX THIS.

  mike at Ljomi:~$ sudo fuck
  [sudo: authenticate] Password:                                        
  sudo: Authentication failed, try again.
  [sudo: authenticate] Password: *******************************************

  ProblemType: Bug
  DistroRelease: Ubuntu 26.04
  Package: sudo-rs 0.2.12-0ubuntu1
  ProcVersionSignature: Ubuntu 6.18.0-9.9-generic 6.18.5
  Uname: Linux 6.18.0-9-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.33.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: KDE
  Date: Wed Feb 25 18:52:14 2026
  InstallationDate: Installed on 2024-05-10 (656 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
  RebootRequiredPkgs: Error: path contained symlinks.
  SourcePackage: rust-sudo-rs
  Sudoers:
   Error: command ['pkexec', '/bin/cat', '/etc/sudoers'] failed with exit code 127: Error executing command as another user: Not authorized

   This incident has been reported.
  UpgradeStatus: Upgraded to resolute on 2026-01-19 (38 days ago)
  VisudoCheck:
   Error: command ['pkexec', '/usr/sbin/visudo', '-c'] failed with exit code 127: Error executing command as another user: Not authorized

   This incident has been reported.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rust-sudo-rs/+bug/2142721/+subscriptions