sudo sometimes fails for me
Clinton MacDonald
yellowdog-general@lists.terrasoftsolutions.com
Sat Mar 27 13:11:01 2004
Patrick:
Thank you for your clear (and rapid!) explanation.
Patrick Smith wrote:
> Clinton MacDonald wrote:
>> It would seem that there was a bug in sudo, such that it assigned a
>> process ID to synaptic *before* asking for my password, then revealed
>> the rest of the transaction in clear text.
>
> sudo didn't reveal your password. You did.
That's it, blame the poor newbie! :-) However, one can imagine that what
I typed seemed like the perfectly natural thing to do.
> The & says 'run "sudo synaptic"' in the background. So now you have two
> processes running: sudo, that wants your password, and your shell, that
> wants a command (hence the shell prompt on the same line as Password).
Okay that makes sense. I don't like it, but it makes sense. :-(
I still argue that the shell/sudo combination should be smarter. Anytime
it asks for a password, it should *NEVER* reveal it in plain text.
Otherwise, in this age of keyboard recording spyware and such, it
shouldn't even pretend to be secure. It could fail gracefully (or not
gracefully), but *NEVER* reveal that password.
Hmmphf. Who's in charge of these things? ;-)
> If you really want to do this, try instead
>
> sudo sh -c 'synaptic&'
Alright, that looks interesting. I have no idea what it means, but I
will certainly give it a try. Like many of my mistakes, it will give me
an opportunity to learn something new.
Thanks!
Best wishes,
Clint
("Linux: more than enough rope.")
--
Dr. Clinton C. MacDonald | <mailto:clint DOT macdonald AT sbcglobal DOT net>