| ▲ | munch117 an hour ago | |
I'm slightly taken aback by the telnetd fix: The solution to the username "-f root" being interpreted as two arguments to /usr/bin/login is to add a "sanitize" function, really? I'm not seeing the sense in that. Surely in any case where the sanitize functions changes something, the login will fail. Better to error out early than to sanitize and try to hobble along. What I'd like to know is how the arguments get interpreted like that in the first place. If I try giving that kind of argument /usr/bin/login directly, its argument parser chides me: | ||
| ▲ | pwg an hour ago | parent [-] | |
You passed '-f root' to login (a single long string). telnetd is likely passing '-f' 'root' to login (two arguments instead of one, whether this is because it creates two, or it uses the shell (which then reparses) I don't know). But '-f' is a valid option to login (man login): login [-p] [-h host] [-H] [-f username|username] ... -f Used to skip a login authentication. This option is usually used by the getty(8) autologin feature. | ||