Bug 144440

Summary: root's password revealed when I enter a command from sudo with & at the end on terminal
Product: [Applications] konsole Reporter: athanasiou mihalis <mihalisla>
Component: generalAssignee: Konsole Developer <konsole-devel>
Status: RESOLVED NOT A BUG    
Severity: normal    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description athanasiou mihalis 2007-04-20 02:52:01 UTC 
Version:            (using KDE KDE 3.5.5)
Installed from:    Ubuntu Packages
OS:                Linux

when i enter a command from konsole with sudo in front and the & prefix at the end of the closet iget a prompt for the root's password.As i enter it the passwd is written on the screen .
Comment 1 Robert Knight 2007-04-20 14:27:46 UTC 
Appending the '&' character to the end of a command causes it to run in the background.

In this case sudo prints the "Password:" part of the prompt and goes into the background, and so when you type - you are in fact interacting directly with bash and not actually entering a password into sudo.

For example, run "sudo xyz&" and when the "Password:" text is displayed, type in "ls" and press return - and you can see the output from running the ls command.  To get back to the password prompt, type "fg" in the shell.