*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge
(jdstrand):
Binary package hint: sudo
I have my Ubuntu 8.10 up to date (as in now) and I was trying a command
(any command will do) with the wrong user (not a sudoer) under the sudo
root-like privileges
I would expect something like this if I type the wrong password:
[EMAIL PROTECTED]:~$ sudo su -
[sudo] password for bzruser:
Sorry, try again.
[sudo] password for bzruser:
Sorry, try again.
[sudo] password for bzruser:
Sorry, try again.
sudo: 3 incorrect password attempts
Or this, if I do not type any password (just press enter):
[EMAIL PROTECTED]:~$ sudo su -
[sudo] password for bzruser:
Or this, if I am not a sudoer:
[EMAIL PROTECTED]:~$ sudo su -
[sudo] password for bzruser:
bzruser is not in the sudoers file. This incident will be reported.
But instead, what I get is a never ending...
[sudo] password for bzruser:
No matter how many times I type or not the password, right or wrong...
until I press a ^C (Ctrl+C)
This used to work fine up until 8.04
** Affects: sudo (Ubuntu)
Importance: Undecided
Status: Incomplete
--
sudo wont give up asking for you password even after several worng attempts or
if you are not a sudoer
https://bugs.launchpad.net/bugs/293160
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
