Bug 244793 - Set passprompt in default /etc/sudoers file
Summary: Set passprompt in default /etc/sudoers file
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High enhancement
Assignee: Diego Elio Pettenò (RETIRED)
Reported: 2008-10-28 16:55 UTC by Arvind Jayaprakash
Modified: 2008-12-19 20:08 UTC

Attachments
Patch for /usr/portage/app-admin/sudo/files/sudoers (verbose_prompt.patch, 478 bytes, patch)
2008-10-28 17:12 UTC, Arvind Jayaprakash

Description Arvind Jayaprakash 2008-10-28 16:55:47 UTC
When performing actions that require authentication, I am not sure who is asking for the password. For example, when I try to mount a samba drive that requires a password, I am not sure which password is being asked for:

$ sudo mount /home/store/oss/
Password:  <---- Which password is this? My password (for sudo) or that of samba?

It would be helpful if the default /etc/sudoers file had some setting like this:
Defaults passprompt="sudo password for [%p] "

While this is not a vulnerability, having a better message can keep people from guessing which password is being asked for. (The flip side is if a malicious program prints out a similar message, but that problem exists even with the default prompt.)

Reproducible: Always

Steps to Reproduce:
1. sudo -k
2. sudo ls

Actual Results:  
Password:

Expected Results:  
sudo password for [anomalizer]
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-10-28 17:01:53 UTC
Like you said, this is not a vulnerability, so reassigning to sudo maintainer.
Comment 2 Arvind Jayaprakash 2008-10-28 17:12:12 UTC
Created attachment 170128
Patch for /usr/portage/app-admin/sudo/files/sudoers
Comment 3 Arvind Jayaprakash 2008-10-28 17:16:50 UTC
Comment on attachment 170128
Patch for /usr/portage/app-admin/sudo/files/sudoers

*** /usr/portage/app-admin/sudo/files/sudoers   Thu Nov 16 03:05:25 2006
--- sudoers.1   Tue Oct 28 22:40:17 2008
*************** Defaults        env_reset
*** 28,33 ****
--- 28,36 ----
  # Set default EDITOR to vi, and do not allow visudo to use EDITOR/VISUAL.
  # Defaults    editor=/usr/bin/vim, !env_editor

+ # Set a verbose prompt
+ Defaults passprompt="sudo password for [%p] "
+
  # Runas alias specification

  # *** REMEMBER ***************************************************
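
Review bot: The new comment "# Set a verbose prompt" does not say what %p expands to or why the prompt is being changed, and unlike the commented-out "# Defaults    editor=..." example directly above it, this Defaults line is active, so it changes the prompt for every user of the shipped file. Suggest expanding the comment to say that %p is the user whose password sudo is asking for and that the aim is to distinguish sudo's prompt from prompts printed by the command being run. The prompt string also ends in a space without a colon, which departs from the "Password:" form users know; something like "sudo password for [%p]: " would read more clearly. The patch gives no indication that it was tested on a PAM-enabled build, which is the open question raised in comment 4.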
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2008-10-28 17:21:46 UTC
Hrm, I'd move this upstream for them to provide a default prompt different from Password:, but I'm not sure if this would work with PAM; I'll have to test it.
Comment 5 Arvind Jayaprakash 2008-10-29 19:00:08 UTC
(In reply to comment #4)
FWIW: I have a PAM-based sudo and it does work for me.

This could be a Gentoo "convenience" until upstream figures out if it really wants to change this default.
Comment 6 Diego Elio Pettenò (RETIRED) gentoo-dev 2008-12-19 20:08:19 UTC
I'm sorry, but I don't really see much of the point as it is; please report this upstream.