Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords
- koolba - 2635 seconds ago: Somebody tell Apple to fix the login screen for macOS as well. If your password is longer than the incredibly narrow box, you do not get any additional feedback that your characters are being entered.
Combine that with a flaky keyboard (say from a single grain of dust where it shouldn’t be) and you get a very annoying login experience. Over and over…
- written-beyond - 46712 seconds ago: The number of times I've been stuck wondering if my keystrokes are registering properly for a sudo prompt over a high latency ssh connection.
These servers I had an account set up on were, from what I observed, partially linked with the authentication mechanism used by the VPN and IAM services. Like they'd have this mandatory password reset process and sometimes sudo was set to that new password, other times it was whatever was the old one. Couple that with the high latency connection and password authentication was horrible. You would never know if you mistyped something, or the password itself was incorrect, or the password you pasted went through or got double pasted.
I think this is a great addition, but only if it leads to redhat adopting it which is what they were running on their VMs.
- wpm - 546 seconds ago: So, the article says that sudo hid the password by default because of shared terminals and so on.
I would've thought it would've been a simple carry over from before terminals were glass. Like, yeah, I get up from a glass terminal and someone else goes to use it, but wouldn't the scrollback be cleared when I log out? But silent logins from before glass terminals make a ton of sense; it would literally print your typed characters on a real, physical medium. Having

    login: cool_user
    password: hunter2

sitting on a printout in a trash can? Yeah, obvious security issue. I dunno, I take them at their word but if you had asked me why password prompts in the terminal don't echo, I would've guessed it was a carry-over from the days of real teletype terminals.
- b0ringdeveloper - 19175 seconds ago: Someone should make a joke version that replaces the ***s with comedic passwords or ridiculously bad ones: When you're typing your real password, "iloveyouiloveyou", "12345612345", or "hunter42hunter.." gets printed to the screen.
- 0xbadcafebee - 10208 seconds ago: They could have just made it an option to enable the new behavior. There was no need to change the default.
As for security: 'shoulder surfing' may not be as much of a concern, but watching a livestream or presentation of someone who uses sudo will now expose the password length over the internet (and it's recorded for posterity, so all the hackers can find it later!). They've just introduced a new vulnerability to the remote world.
- dtech - 44405 seconds ago: This is such a good decision. It's one of those things that's incredibly confusing initially, but you get so used to it over the years; I even forgot it was a quirk.
In the modern world there is no plausible scenario where this would compromise a password that wouldn't otherwise also be compromised with equivalent effort.
- JoshTriplett - 5020 seconds ago: I'm glad to see this change. This was already the case for GUI password prompts, and I'm happy to see terminals following suit.
This wasn't someone seeing Chesterton's fence and deciding to knock it down thoughtlessly. This is a change that someone can in fact think all the way through and say "yeah, this should be changed, it's an improvement and doesn't cause any meaningful reduction in security".
- Tepix - 45626 seconds ago: Why not just display a single character out of a changing set of characters such as / - \ | (starting with a random one from the set) after every character entered? That way you can be certain whether or not you entered a character, but an observer can't tell how many characters your password has.
- mzajc - 4001 seconds ago: A few years ago, [0] made the following point in regards to password input feedback:
> For a time, there was rich pickings in applications that accepted passwords in unbuffered mode. Many of them doing it so that they could echo "*" symbols, character by character, as the user typed. That simple feature looks cool, and does give the user feedback ... but would leak the keystroke rate, which is the last thing you want on password entry.
This was in response to keystroke timing defense on SSH. Does this feature still come with the risk of leaking keystroke timing to an attacker with recent OpenSSH/Dropbear versions? If so, it might be wise to keep it disabled on servers.
- goodcanadian - 39635 seconds ago: Fascinating . . . reading the comments, it seems like the vast majority think this is a long overdue change. For myself, it never occurred to me that there was any issue and I'm slightly unsettled by the change (i.e. it is far from obvious to me that it's a good thing). It is not something I've thought deeply about, of course.
- pvillano - 7878 seconds ago: How much information is there in knowing the length of someone's password?
If we know the password's length, it saves us from guessing any shorter passwords. For example, for a numeric password, knowing the length is 4 saves us from having to guess [blank], 0-9, 00-99 and 000-999. This lowers the number of possibilities from 1111 to 1000. The password has 90% of its original strength. A [0-9a-zA-Z] password retains 98% of its original strength.
- throwatdem12311 - 2339 seconds ago: I switched back to GNU coreutils and "regular" sudo, so I'm assuming this won't affect me when I upgrade?
- timhh - 44553 seconds ago: I did this!
I didn't actually know that Mint had enabled this by default. That would have been a useful counterpoint to the naysayers.
If you want the original behaviour you don't actually need to change the configuration - they added a patch afterwards so you can press tab and it will hide the password just for that time.
> The catalyst for Ubuntu’s change is sudo-rs
Actually it was me getting sufficiently pissed off at the 2 second delay for invalid passwords in sudo (actually PAM's fault). There's no reason for it (if you think there is look up unix_chkpwd). I tried to fix it but the PAM people have this strange idea that people like the delay. So I gave up on that and thought I may as well try fixing this other UX facepalm too. I doubt it would have happened with the original sudo (and they said as much) so it did require sudo-rs to exist.
I think this is one of the benefits of rewriting coreutils and so on in Rust - people are way more open to fixing long-standing issues. You don't get the whole "why are you overturning 46 years of tradition??" nonsense.
If anyone wants to rewrite PAM in Rust... :-D
- dhsbdisnd - 1553 seconds ago: Seems like a decision made by and for a generation that has no regard and no understanding for UNIX.
- SkyeCA - 8626 seconds ago: This is a good UX change, one of many UX improvements needed on CLIs.
Not showing feedback on user input is objectively confusing for inexperienced users.
- jiehong - 31847 seconds ago: This fixes another issue: if you make a typo in your password, you don't know how many characters you need to delete, but now you would.
- Havoc - 36924 seconds ago: This was actually the thing that derailed my first attempt at Linux. I was like 14 or 15 and didn't understand that concept so couldn't log in lol
- prmoustache - 37951 seconds ago: How many people with a loud mechanical keyboard shut their microphone to type a password when sharing their screen in an audio/video call?
- leni536 - 47496 seconds ago: sudo is not the only thing that prompts for a password in the terminal. There is at least passwd and ssh.
I value ctrl+U a lot more for password prompts than the visual feedback, it's even used by GUI on Linux.
- Gabrys1 - 6913 seconds ago: BTW, you can also enable the PW feedback on the classic sudo. I've done that on one of my hosts.
- johnisgood - 10019 seconds ago:
> and further adoption of Rust-based core utilities — including uutils/coreutils
Is it usable now? Do all utilities support all of GNU's features (or most)?
- Elhana - 42313 seconds ago: Deoxidizing is rather easy for now:
apt install sudo-ws
apt remove coreutils-from-uutils --allow-remove-essential
- GuB-42 - 9716 seconds ago: Unacceptable! This incident will be reported.
- vandyswa - 21358 seconds ago: When I wrote the login program for my VSTa microkernel, I took a page from the CDC side of the world--it echoes a _random_ (but small, non-zero) number of *'s. So you get feedback, but indeed peering over your shoulder will not disclose password length.
And yes, it remembers how many it echoes so backspace works correctly.
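The scheme vandyswa describes (a random, never-zero number of stars per keystroke, with the count remembered so backspace erases exactly what was shown) plus the Ctrl-U line wipe leni536 values, as an added Python example that is not code from any commenter, from sudo-rs or from the VSTa login program; the class and function names are assumed, and the glyph logic could be swapped for the single rotating character Tepix proposes.

```python
import random
import sys
import termios
import tty

class FeedbackState:
    """Keystroke-to-echo state machine: remembers how many stars were printed
    per secret character so backspace and Ctrl-U erase exactly those stars."""

    def __init__(self, rng=None):
        self.rng = rng or random.Random()  # injectable for deterministic tests
        self.secret = []   # characters typed so far
        self.echoed = []   # stars printed for each character

    def feed(self, ch):
        """Return the string to write to the terminal for keystroke ch."""
        if ch in ("\x7f", "\b"):                 # backspace
            if not self.secret:
                return ""
            self.secret.pop()
            return "\b \b" * self.echoed.pop()
        if ch == "\x15":                          # Ctrl-U: wipe the whole line
            shown = sum(self.echoed)
            self.secret.clear()
            self.echoed.clear()
            return "\b \b" * shown
        self.secret.append(ch)
        stars = self.rng.randint(1, 3)            # random count, never zero
        self.echoed.append(stars)
        return "*" * stars

    def value(self):
        return "".join(self.secret)

def prompt(text="Password: "):
    """Read a password from the controlling tty with length-hiding feedback."""
    fd, state = sys.stdin.fileno(), FeedbackState()
    saved = termios.tcgetattr(fd)
    print(text, end="", flush=True)
    try:
        tty.setraw(fd)                            # no echo, no line buffering
        while (ch := sys.stdin.read(1)) not in ("", "\r", "\n", "\x04"):
            if ch == "\x03":                      # Ctrl-C still aborts
                raise KeyboardInterrupt
            print(state.feed(ch), end="", flush=True)
    finally:
        termios.tcsetattr(fd, termios.TCSADRAIN, saved)
        print()
    return state.value()
```

Because each keystroke's star count is drawn independently, the total number of stars on screen is not a function of the password length, while `"\b \b"` sequences keep the display consistent after corrections.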
- indubioprorubik - 33237 seconds ago: The paranoids have had a say in way too many things, way too loud, way too long.
- Waterluvian - 8038 seconds ago: I kind of hate typing in my password all the time. Is there a way to sacrifice some security and do something like... ask for my password but automatically input it if my phone is detected via Bluetooth? (not connected, just detected).
I don't really want to just disable passwords. I recall that causing technical pains. And this is a desktop PC in my home office and I'm just generally okay with the associated security risks.
- sandreas - 36730 seconds ago: I'd think this is OK but I'm not sure if another option to just give feedback of keyboard activity would combine the best of both worlds.
A space with a cursor instead of an asterisk would make it harder to count the chars.
Adding a random 1 to 3 output chars instead of one would obfuscate this even more.
A delayed output could make you submit the password prompt before showing anything.
A single asterisk that switches back to space after 250ms inactivity may even be better.
I don't know, but somehow this feels underthought even if it probably is not. Simple is probably the best approach
- GrayHerring - 10330 seconds ago: Stop trying to fix what is not broken. If people have issues with latency or typing then the solution is not to "bypass" it.
- nathell - 40788 seconds ago: The title kind of implies that silent sudo passwords have been a part of Ubuntu for the last 46 years.
- wolvoleo - 9739 seconds ago: Good!
I always thought it was annoying anyway.
- system2 - 6514 seconds ago: How many times I pressed backspace more than I typed because holding backspace probably didn't work... This is a good change IMHO. Laggy remote SSH sessions will be slightly better.
- stevetron - 17283 seconds ago: So now there's a few additional steps when I install a new distribution to make certain that classic sudo is the one installed, rather than sudo-rs.
I'm sure someone thinks this is a good idea, but I do not, and nobody cares what I think. But I come from being a long-time coder who's always been a terrible typist and can't depend on "touch typing" and have to actually look at things, like the keys, and the screen. And handicapped by going blind in one eye, and having arguments with eye doctors who say "get used to it and switch to audio books" and needing 14-point boldface fonts for everything.
- Neil44 - 38299 seconds ago: They could give feedback about key presses without giving away the password length quite easily.
- eviks - 47220 seconds ago:
> sudo password is the same as their login password — one that already appears as visible placeholder dots on the graphical login screen. Hiding asterisks in the terminal while showing them at login is, in the developers' estimation, security theatre.
So hide the first one as well? But also, that's not true, not all terminal passwords are for the local machine.
> Confusing — appears frozen
So make it appear flashing? Still doesn't need to reveal length
- the__alchemist - 9014 seconds ago: JCBP!
- burnt-resistor - 21375 seconds ago: Secure keyboard tty entry interaction by the terminal should manage this rather than implement it in one app. Another advantage of this method is that such affordances can be generated or silenced locally, and it's code that can be shared when used with passwd, pinentry, etc. and sudo rather than implemented N times.
- charcircuit - 43297 seconds ago: Modern password UI also gives the option to toggle the actual letters on so you can verify that you are actually typing the right thing. Hopefully that doesn't take another 46 years.
- sourcegrift - 46277 seconds ago: I've been using a two character password since the last 10 years of my 23 year Linux usage; I log in to console and manually start X. Guess the shame will catch up now.
- the_real_cher - 15677 seconds ago: I've never once thought I wish I could see password characters when typing sudo.
It feels like dumbing down the cli.
But I don't know if this is an elder millennial "walked uphill in the snow both ways" kind of thing though.
Am I alone in this?
- jbverschoor - 48183 seconds ago: Weird argument about the login password forging the same in a GUI. Because it certainly is not when logging in using a terminal locally, or ssh for that matter.
- androiddrew - 21858 seconds ago: I don't know why this keeps coming up. Has this been a big deal for everyone else? Like ok, usability improvement, but the number of times I have read an article about this is silly.
- edf13 - 42263 seconds ago: That site is terrible without ads blocked… it's like a local newspaper site, you have to try and read the content in small snippets wedged between ads!
- blfr - 48175 seconds ago: Just as you get used to something crazy after two decades, have kids, and are about to unleash it on them, it gets fixed. Will there be no boomer pleasures left for us millennials?
- snvzz - 25184 seconds ago: If it is a new tool, why not call it something other than sudo?
The expectation with sudo is silent passwords.
- b112 - 42051 seconds ago:
> For more than four decades, typing a password after a sudo prompt in a Linux terminal
What?!
2026 minus 46 is 1980. There was no Linux, at all, in 1980.
Someone is quite confused.
- gzread - 47479 seconds ago: Good. It's terrible UX.
The security argument is a red herring. It was originally built with no echo because it was easier to turn echo on and off than to echo asterisks. Not for security.
- pojntfx - 46480 seconds ago: It's fun, leading edge Linux distros (e.g. GNOME OS) are actually currently removing `sudo` completely in favour of `run0` from systemd, which fixes this "properly" by using Polkit & transient systemd units instead of setuid binaries like sudo. You get a UAC-style prompt, can even auth with your fingerprint just like on other modern OSes.
Instead of doing this, Ubuntu is just using a Rust rewrite of sudo. Some things really never change.
- exac - 42821 seconds ago: Could we not have used braille patterns? Start on a random one and you can just replace the character with the next one so it is possible for the user to see something was entered, but password length isn't given to someone looking over the user's shoulder?
⣾, ⣽, ⣻, ⢿, ⡿, ⣟, ⣯, ⣷
- childintime - 43378 seconds ago: 46 years of silent sudo passwords.. it just demonstrates how crazy this world is, if this is considered news. It means the code is a living fossil and people live with that fact, instead of demanding (infinite and instant) control over their systems.
This reminds me. Linux was already a fossil, except for some niches, but now in the age of AI, the fact that code can't be updated at will (and instead has to go through some medieval social process) is fatal. Soon the age will be here where we generate the necessary OS features on the fly. No more compatibility layers, no more endless abstractions, no more binaries to distribute, no more copyright, no need to worry about how "the others" use their systems, no more bike shedding. Instead, let the system manage itself, it knows best. We'll get endless customization without the ballast.
It's time to set software free from the social enclosures we built around it.