>It's a bug. I recall it being found and fixed in AIX many years ago. >Embarassing for Sun that it's still in Solaris, though. It's not "still" in Solaris; it's the first time it occurred in Solaris; it is stupid it did but it's a typical programming error: passing unchecked arguments to a program without escaping special characters. >A quick Google search found Usenet postings about it from 1994; I'm sure >it was known well before then. As far as I remember, the "-f" option to login was a BSDism (4.4?); it did not exist in platforms derived from earlier BSDs when it came to rlogin/rshd. The original rlogind would either run the protocol in in.rlogind and skip login or the protocol was implemented in login itself. Later, the protocol processing was put in rlogind but it always went through login. This code then was reimplemented by an IBM employee in AIX and later also, by the same person, for Linux, giving rise to the first occurrence of the -froot bug. Solaris did add the -f option to login much later but it wasn't until a complete integration of ktelnet was done that this bug arose in Solaris 10. It's just a very usual (and unfortunate) reimplementation of the same bug. Casper
