Bug 437092 - Please include [sudo] in password prompt.
Please include [sudo] in password prompt.
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: sudo (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Peter Vrabec
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-12 08:19 EDT by Lennart Poettering
Modified: 2008-03-13 05:32 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-13 05:32:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lennart Poettering 2008-03-12 08:19:12 EDT
Debian/Ubuntu these days build sudo with --with-passprompt="[sudo] password for
%p: " which changes the sudo password prompt to include the string [sudo] which
allows the user to recognize *which* password you have to enter when you are
asked for one. This is especially useful if you do commands like "sudo
/usr/bin/passwd foo" where you sometimes are asked for three and sometimes for
two passwords, and you might never know which one is which. This will help users
making sure they don't enter their super-secret password in the wrong prompt,
possibly leaking that information to rogue programs.

Oh, and while we're at it: they also compile sudo with --with-timeout=15 which
in my experience makes sudo a lot more useful, while increasing the risk only
minimally. I think this option would be a good thing in Fedora, too.
Comment 1 Peter Vrabec 2008-03-13 05:32:52 EDT
sudo-1.6.9p13-3.fc9 is built --with-passprompt

timeout=15, hmm I would appreciate some wider consensus about this :) Don't 
you want to start some discussion on fedora-devel? Personally, I don't have 
problems with 5minutes and if I want different timeout I'll set it up in 
sudores.

Note You need to log in before you can comment on or make changes to this bug.