             This a problem with the way login parses it arguments as passed by rlogind
             allows access to the root account. The problem is the ability of login to parse the
             command line option -fUSER as -f USER. Now, whether you can sneak -fUSER
             to your login program depends on your rlogind. Rlogind basically comes in two
             incarnations: 

             old_style: rologind establishes connection, allocates pty and calls login with -r .
             No way to sneak something to login on the command line (except with getty,
             when it passes usernames starting with a -). The login program will the do the
             rlogin protocol over stin/stuot. 

             new_style: rlogin establishes the connection, allocates pty *and* does the rlogin
             protocol. If the remote user is authenticated, login is called like this (with exec, so
             each token is one argument, never more) 

                     login -p -h  -f lusername

             when login is not authenticated, login is called like this: 

                     login -p -h  lusername

             Now, if -f expects an argument (getops string f:), you can specify "-fuser" as a
             remote loginname, and remote is called as 

                     login -p -h  -flusername

             this is interpreted as 

                     login -p -h  -f lusername

             when -f accepts an argument. It provokes a usage error if -f does not accept an
             argument, it is accepted as an argument if argument parsing is done with
             strcmp("-f", argv[x]). The best solution would be to have rlogind (and telnetd if it
             negotiates a username) call a getoptified login like this: 

                     login <other args, safely constructed by telnetd/rlogind> -- username

             Summarizing: if your rlogind does the new protocol *AND* your login uses f: in its
             getopt strings, you're hosed. 


             % rlogin localhost -l -froot
             # whoami
             root