trifectatechfoundation / sudo-rs

A memory safe implementation of sudo and su.

Adding insults #823

Open TornaxO7 opened 7 months ago

TornaxO7 commented 7 months ago

Describe the feature you'd like to see implemented in sudo-rs

In general sudo, you can put Defaults insults to get insulted if you mistype your password, but this doesn't seem to exist in sudo-rs.

What problem can be solved with this feature?

Less laughs.

Describe alternatives you've considered

Using sudo instead of sudo-rs.

Additional context

williamdes commented 5 months ago

Some examples for users interested in this issue: https://askubuntu.com/questions/837558/where-are-sudos-insults-stored

squell commented 1 week ago

I've asked ChatGPT (which I'm not a fan of otherwise) to come up with some insults.

I think these are all funnier than the original ones, so I'm already not convinced of having those in sudo-rs.

Secondly, insults also don't really mesh well with our 'design principles': https://github.com/trifectatechfoundation/sudo-rs/blob/main/CONTRIBUTING.md

However!

I started thinking: why just sudo? Why shouldn't users also be insulted when they mistype their password in say, GDM or login? And that gave me rise to the following logical solution where we won't have to add this to sudo-rs, yet everybody can have the insults they deserve.

Let's make a pam_insult module.

TornaxO7 commented 1 week ago

> I started thinking: why just sudo? Why shouldn't users also be insulted when they mistype their password in say, GDM or login? And that gave me rise to the following logical solution where we won't have to add this to sudo-rs, yet everybody can have the insults they deserve.

Not gonna lie, that would be even funnier, I think :D

squell commented 1 week ago

Hacked together this idea using pam_exec, seems to work:

$ sudo ls
[sudo: authenticate] Password: 
[sudo] Did you forget your password or just your brain?

Note that this even looks like it's sudo-rs that's doing the insulting. ;)

And also:

$ login <username>
Password: 
You're like a broken record, but instead of music, it's the sound of failure.

Login incorrect

Of course this behaviour can be restricted to just sudo by putting the appropriate lines not in /etc/pam.d/common-auth but in /etc/pam.d/sudo and /etc/pam.d/sudo-i.
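
As an added illustration of the pam_exec approach described in the comment above (not squell's prototype and not part of sudo-rs), here is a minimal helper script. The install path, the Debian-style PAM stack shown in its comments and the function names are assumptions; the two messages are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (hypothetical pam_exec helper), not the prototype from the thread.
# Install root-owned and not group/world-writable: it runs as root inside the
# authentication stack of a setuid program.
#
# Assumed Debian-style stack in /etc/pam.d/sudo, replacing "@include common-auth":
#   auth [success=2 default=ignore] pam_unix.so
#   auth optional                   pam_exec.so stdout /usr/local/libexec/pam-insult
#   auth requisite                  pam_deny.so
#   auth required                   pam_permit.so
# success=2 jumps over pam_exec and pam_deny, so the helper only runs after a
# failed password. "stdout" relays its output to the application as a PAM message.
# Do not add expose_authtok: the helper has no need to see the password.

# pam_exec runs the command with the PAM environment, not the caller's,
# so pin PATH explicitly.
PATH=/usr/bin:/bin
export PATH

# Print message number $2 (any non-negative integer) when $1 is "auth".
# The text never depends on PAM_USER, so it reveals nothing about whether
# the account exists.
pam_insult() {
    [ "$1" = "auth" ] || return 0    # stay silent for account/session/password
    case $(( $2 % 2 )) in
        0) echo "Did you forget your password or just your brain?" ;;
        1) echo "You're like a broken record, but instead of music, it's the sound of failure." ;;
    esac
}

# Two bytes from the kernel RNG as an unsigned integer; falls back to 0.
random_index() {
    n=$(od -An -N2 -tu2 /dev/urandom 2>/dev/null | tr -d ' \n')
    echo "${n:-0}"
}

# pam_exec exports PAM_TYPE. Always finish successfully so the "optional"
# helper cannot influence the outcome of authentication.
pam_insult "${PAM_TYPE:-}" "$(random_index)" || true
```
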

TornaxO7 commented 1 week ago

According to the wontfix label, this means that the insulting feature won't be added and I have to apply the changes by myself? So I have to close this issue?

squell commented 1 week ago

I think the PAM module prototype (it's on GitHub if you know where to look) shows that we can achieve the same functionality without modifying the source code, which I'm sure most people will agree is better than adding it inside the setuid code base.

But given the enthusiastic response this issue got, we should probably address this issue in documentation (such as a FAQ), or squelch the parse error if Defaults insults is encountered, so I'd prefer to keep it open until we've decided how best to address this.