Bug 261

Summary: Password visible when no controlling terminal
Product: Sudo Reporter: Bill Gjestvang <bill-sudo>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED INVALID    
Severity: normal    
Priority: low    
Version: 1.7.0   
Hardware: PC   
OS: Linux   

Description Bill Gjestvang 2007-09-13 19:14:42 MDT 
Your password is visible when you type it, if there is no controlling terminal.  This is common if you run ssh with a command:

$ ssh myhost sudo ls
joe@myhost's password: 
[sudo] password for joe:mysecret
bin    usr    var
Connection to myhost closed.

If you use ssh's "-t" option to force the allocation of a tty, it doesn't happen:

$ ssh myhost sudo ls
joe@myhost's password: 
[sudo] password for joe:
bin    usr    var
Connection to myhost closed.
Comment 1 Todd C. Miller 2007-09-13 21:10:23 MDT 
This is not a bug.  It is impossible to turn off echo when there is no tty present.  You can set the require_tty option if you don't want sudo to run without a tty.