Kevin Johnson writes: :The rlogind on my machine (a Motorola r32 box) using the shadow 3.3.x :package does not exhibit the bug. I'm wondering if it's a composite :bug between certain implementations of rlogind and login. I am of the :opinion that this is an important point to resolve due to the variety :of alternative implementations of rlogind and login out there... Yes, it's a composite problem. The shadow-3.3.X login program makes all the correct tests. it's not directly the fault of the code in lmain.c. However: it makes one basic assumption .. and that is that processes that are already running as root will not allow users to specify arguments to the login program (reasonable, I guess). However, many of the getty and rlogind/telnetd programs that are "out there" seem to not have the same view. Some getty/rlogind/telnetd daemons that I've seen on systems nearby correctly filter out user-specified arguments beginning with "-". Ultrix seems to be one. The ttymon program that's used in SVR4 systems is another. Weitse (sp?) posted a patch to his "agetty" a few days ago to correct his version to strip leading "-" arguments. -Peter -- Peter Wemm <peter@DIALix.oz.au> - NIC Handle: PW65 - The keeper of "NN" "My computer is better than your computer" - Anonymous (Overheard, shortly after the creation of the second computer....)