sudo-rs icon indicating copy to clipboard operation
sudo-rs copied to clipboard
verified publisher icon memorysafety

Adding insults

Open TornaxO7 opened this issue 2 years ago • 11 comments

Describe the feature you'd like see implemented in sudo-rs In general sudo, you can put Defaults insults to get insulted, if you mistyped your password but this doesn't seem to be existing in sudo-rs.

What problem can be solved with this feature? Less laughs.

Describe alternatives you've considered Using sudo instead of sudo-rs.

Additional context

TornaxO7 avatar Jan 21 '24 12:01 TornaxO7

Some examples for users interested in this issue: https://askubuntu.com/questions/837558/where-are-sudos-insults-stored

williamdes avatar Mar 11 '24 09:03 williamdes

I've asked ChatGPT (which I'm not a fan of otherwise) to come up with some insults.

  • "Well, well, well... look who's all thumbs at the keyboard."
  • "I see someone's been taking typing lessons from a sloth."
  • "Guess what? Wrong password again! Your password game is weaker than a newborn kitten."
  • "You must have fingers made of butter, because that password slipped right through."
  • "Congratulations! You've just won the 'Most Consistent Incorrect Password Entry' award."
  • "Did you forget your password or just your brain?"
  • "At this rate, you'll crack the code just in time for the next millennium."
  • "If passwords were wishes, you'd still be out of luck."
  • "Is that your password or a desperate cry for help?"
  • "You're like a broken record, but instead of music, it's the sound of failure."

I think these are all funnier than the original ones, so I'm already not convinced of having those in sudo-rs.

Secondary, insults also doesn't really mesh will with our 'design principles': https://github.com/trifectatechfoundation/sudo-rs/blob/main/CONTRIBUTING.md

However!

I started thinking: why just sudo? Why shouldn't users also be insulted when they mistype their password in say, GDM or login? And that gave me rise to the following logical solution where we won't have to add this to sudo-rs, yet everybody can have the insults they deserve.

Let's make a pam_insult module.

squell avatar Aug 26 '24 15:08 squell

I started thinking: why just sudo? Why shouldn't users also be insulted when they mistype their password in say, GDM or login? And that gave me rise to the following logical solution where we won't have to add this to sudo-rs, yet everybody can have the insults they deserve.

Not gonna lie, that would be even funnier, I think :D

TornaxO7 avatar Aug 26 '24 16:08 TornaxO7

Hacked together this idea using pam_exec, seems to work:

$ sudo ls
[sudo: authenticate] Password: 
[sudo] Did you forget your password or just your brain?

Note that this even looks like it's sudo-rs that's doing the insulting. ;)

And also:

$ login <username>
Password: 
You're like a broken record, but instead of music, it's the sound of failure.

Login incorrect

Of course this behaviour can be restricted to just sudo by putting the appropriate lines not in /etc/pam.d/common-auth but in /etc/pam.d/sudo and /etc/pam.d/sudo-i.

squell avatar Aug 26 '24 17:08 squell

According to the wontfix label, this means that the insulting feature won't be added and I have to apply the changes by myself? So I have to close this issue?

TornaxO7 avatar Aug 26 '24 18:08 TornaxO7

I think the PAM module prototype (it's on GitHub if you know where to look) shows that we can achieve the same functionality without modifying the source code, which I'm sure most people will agree is better than adding it inside the setuid code base.

But given the enthusiastic response this issue got, we should probably address this issue in documentation (such as a FAQ), or squelch the parse error if Defaults insults is encountered, so I'd prefer to keep it upon until we've decided how best to address this.

squell avatar Aug 26 '24 21:08 squell