> what are the details on this new bug? One week ago I received mail from someone who used my agetty program (flexible login front end for SysV and SunOS), after he had discovered that it would pass on usernames that begin with '-'. I wrote the program in the days of SysV.2, when login did not have any command- line switches, so it had never been a problem there. These days, usernames that begin with '-' can wreak havoc with login programs that have options to disable password checking (-r, -f). I posted a note to various news groups with a small context diff for my agetty source that disabled usernames beginning with '-'. In the next couple of days I received reactions from people who were triggered by this problem. It turned out that most network daemons will pass on usernames that begin with '-'. I guess quite a few are having fun now with telnet -l and rlogin -l. Wietse