Bug 911

Summary: Pasting sudo password results in failed login
Product: Sudo
Reporter: cadweed_chirography_sanities
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED WONTFIX    
Severity: normal    
Priority: low    
Version: 1.8.29   
Hardware: PC   
OS: Linux   

Description cadweed_chirography_sanities 2019-12-13 15:03:58 MST
Use case:
I usually log in to my remote hosts via ssh keys (encrypted), and as an added security measure I use a different password for sudo privilege escalation.

The root user is locked and my login user is only accessible via ssh keys.


Problem introduction:
Some time ago I started not being able to copy and paste the password from my password manager (KeePassXC) into the sudo password prompt (on the remote machine which I access via ssh). Unfortunately I'm not able to identify the specific release that introduced this issue. After pasting the password in and pressing enter, the login fails.

Why don't I just type in the password? Well, I use strong passwords >=256 characters (ExtendedASCII included) and it's not feasible in a timely manner to type them in. (I use KeePassXC in order to keep them safe and generate a new one very often.)

Expected behavior:
The user should be able to paste the password in the prompt.

Security implications:
It doesn't have to be implemented by default, it could also be a separate setting.

Comment 1 Todd C. Miller 2019-12-13 17:30:00 MST
This is probably because sudo is using a 256 byte buffer when reading input.  If your password is > 255 chars you won't be able to enter it.

Comment 2 cadweed_chirography_sanities 2019-12-14 06:24:05 MST
(In reply to Todd C. Miller from comment #1)
> This is probably because sudo is using a 256 byte buffer when
> reading input.  If your password is > 255 chars you won't be able to
> enter it.

Reducing the length of the password seems to work. I wasn't able to go over 170 chars, though. I don't know how ExtendedASCII characters are encoded on Linux, but if they use up 12 bits that cap makes sense.

256 bytes (2048 bits) / 12 bits = ~170 characters

Being an edge use case, I guess there's no point in fixing it; I will just stick with shorter passwords.

Thanks for the help! Have a nice day.
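
Added example, not part of the bug thread and not sudo's own code: a simplified model of a bounded read into the 256-byte buffer mentioned in comment 1, showing that the limit applies to bytes rather than characters. It assumes a UTF-8 terminal and a constructed sample password alternating 1-byte and 2-byte characters; `utf8_chars`, `make_sample` and `read_bounded` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define PW_BUFSIZ 256   /* size quoted in comment 1; this is a model only */

/* Count UTF-8 characters: every byte that is not a continuation
 * byte (10xxxxxx) starts a new character. */
size_t utf8_chars(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (((unsigned char)*s & 0xC0) != 0x80)
            n++;
    return n;
}

/* Constructed sample: nchars characters alternating ASCII 'a' (1 byte)
 * with U+00E9 (2 bytes in UTF-8). out must hold 2*nchars+1 bytes. */
void make_sample(char *out, size_t nchars)
{
    out[0] = '\0';
    for (size_t i = 0; i < nchars; i++)
        strcat(out, (i % 2) ? "\xC3\xA9" : "a");
}

/* Bounded read: keep at most bufsiz-1 bytes of the pasted line.
 * Returns 1 if the whole line fit, 0 if it was cut short, in which
 * case the stored password no longer matches what was pasted. */
int read_bounded(const char *pasted, char *buf, size_t bufsiz)
{
    size_t i = 0;
    while (pasted[i] != '\0' && pasted[i] != '\n' && i < bufsiz - 1) {
        buf[i] = pasted[i];
        i++;
    }
    buf[i] = '\0';
    return pasted[i] == '\0' || pasted[i] == '\n';
}

int main(void)
{
    size_t sizes[] = { 170, 171, 255 };
    char pw[1024], buf[PW_BUFSIZ];
    for (size_t i = 0; i < 3; i++) {
        make_sample(pw, sizes[i]);
        printf("%zu chars, %zu bytes: %s\n", utf8_chars(pw), strlen(pw),
               read_bounded(pw, buf, sizeof(buf)) ? "fits" : "truncated");
    }
    return 0;
}
```

Checking a generated password's byte length in the target encoding against the buffer size before setting it avoids a credential that can never be entered at the prompt.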