Comment 74 for bug 194472

Jamie Strandboge (jdstrand) wrote :

The security team has consensus for the security impact which I will detail in this comment. As developers, we have other concerns which will hopefully also be considered, and we will comment separately.

There are security implications to visual feedback of passwords. The security team feels this approach is wrong for all Ubuntu applications. We recognize this stance is contentious and may be impractical when considering some upstream applications.

For sudo and the current state of applications as included in Ubuntu, we feel enabling password feedback in sudo:
1. has a security impact on the server where no other application gives password feedback. We strongly discourage changing the behavior on server installs
2. has no significant security impact on desktop installs when the screensaver, policykit, gksu, and gdm (kdm?) all give feedback. As mentioned in comment #60, the asterisks are removed after pressing Enter, but it is recommended that this happens for all of gnome-terminal, konsole, xfce4-terminal and xterm (and any others people would like to test). We do not want visual feedback saved in scrollback or history.

If this must be implemented at all:
1. we should not have separate sudo packages with different /etc/sudoers files for different installs. This is too difficult to audit.
2. /etc/sudoers should not be touched (on upgrades or otherwise), since this could lead to severe security (and other) consequences.
3. the sudo configuration should only be adjusted for new desktop installs.

One way to achieve 1-3 is to closely look at the /etc/sudoers.d mechanism, since it is designed for this sort of thing.
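The drop-in approach suggested in the last paragraph, as an added shell example that is not part of this bug comment or of Ubuntu's sudo packaging. It assumes the install profile is passed as an argument ("desktop" or "server"), uses an invented drop-in name `90-pwfeedback-desktop`, and lets `SUDOERS_D` override `/etc/sudoers.d` for testing; `Defaults pwfeedback` is sudo's own option for visual password feedback. The main `/etc/sudoers` is never written, server profiles get nothing, and a small audit helper reports where feedback is enabled from.

```shell
#!/bin/sh
# Added example (not from the bug thread): enable sudo password feedback
# on desktop installs only, via a /etc/sudoers.d drop-in, leaving
# /etc/sudoers itself untouched.
# Assumptions: profile is given as $1 ("desktop"/"server"); the drop-in
# name below is invented; SUDOERS_D may be overridden for testing.
set -eu

SUDOERS_D="${SUDOERS_D:-/etc/sudoers.d}"
DROPIN_NAME="90-pwfeedback-desktop"

# sudo's #includedir skips files whose name contains '.' or ends in '~',
# so a badly named drop-in silently does nothing; reject such names.
valid_dropin_name() {
    case "$1" in
        *.*|*~) return 1 ;;
        *) return 0 ;;
    esac
}

# Write the drop-in only for the desktop profile; servers are left alone.
install_pwfeedback_dropin() {
    profile="$1"
    file="$SUDOERS_D/$DROPIN_NAME"
    if [ "$profile" != "desktop" ]; then
        echo "profile '$profile': leaving sudo configuration untouched" >&2
        return 0
    fi
    valid_dropin_name "$DROPIN_NAME" || { echo "bad drop-in name" >&2; return 1; }
    mkdir -p "$SUDOERS_D"
    # Write to a temporary name first so sudo never sees a half-written
    # file (the '.' in the temp name also keeps #includedir from reading it).
    tmp="$file.tmp"
    printf '%s\n' \
        '# Visual password feedback for desktop installs only.' \
        '# Managed as a drop-in so /etc/sudoers itself is never edited.' \
        'Defaults pwfeedback' > "$tmp"
    chmod 0440 "$tmp"
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$tmp"
        # visudo -c also checks owner and mode, so only run it as root.
        if command -v visudo >/dev/null 2>&1; then
            visudo -c -f "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
        fi
    fi
    mv "$tmp" "$file"
}

# Audit helper: report whether feedback comes from the drop-in, from the
# main sudoers file (which this scheme forbids), or is not enabled at all.
pwfeedback_source() {
    main="${1:-/etc/sudoers}"
    dropin="$SUDOERS_D/$DROPIN_NAME"
    if [ -f "$dropin" ] && grep -q '^Defaults pwfeedback' "$dropin"; then
        echo dropin
    elif [ -f "$main" ] && grep -q 'pwfeedback' "$main"; then
        echo main-file
    else
        echo none
    fi
}
```

Run as `SUDOERS_D=/tmp/sudoers.d sh pwfeedback.sh desktop` to exercise it without touching the real configuration; the single drop-in file is what an auditor would inspect, instead of diffing several differently packaged /etc/sudoers files.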