Ubuntu 26.04 ends a 40-year old sudo tradition
5 hours ago
- #sudo
- #Ubuntu
- #security
- Ubuntu 26.04 LTS now shows asterisks when typing a password in sudo, unlike previous versions which showed no feedback.
- This change comes from the switch to sudo-rs, a Rust rewrite of sudo, with the asterisk feedback being a new default in 26.04.
- Historically, sudo hid feedback for security reasons, to prevent shoulder-snooping and password length guessing.
- The sudo-rs developers argue the security benefit of hiding feedback is minimal and that the lack of feedback often confuses users.
- Other password fields on Linux typically show feedback, making sudo's previous behavior an outlier.
- Users can revert to the old behavior by editing /etc/sudoers to include 'Defaults !pwfeedback'.
- The change has sparked debate, with some users unhappy about the departure from decades-old behavior.