Phillip: This is not the 'Server Security' team, but the Ubuntu Security team. As mentioned earlier in this thread, no other applications in the default server install provide password feedback (eg, console login and ssh). Therefore, a shoulder surfer cannot obtain the password length via those applications. If we add password feedback to sudo on the server, then sudo provides an avenue for enumerating the password length where one did not exist before. This is undesirable.
"Ubuntu is anyway not the safest server environment with much features enabled by default." Please file a separate bug with specifics on what you consider to not be safe in a default server install. -- Entering password in Terminal gives no visual feedback https://bugs.launchpad.net/bugs/194472 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
