COMMAND

    login(1)

SYSTEMS AFFECTED

    BSD-net2 systems.

    FreeBSD 1.02.,  1.1 and  current, Net-BSD-current,  BSDI's BSD/386
    1.1 and BSD 4.4 is not affected

PROBLEM:

    There is a bug in NET-net2 version of login.c which allows  anyone
    who has an  account on the  machine to gain  root priviledges. The
    version of login.c has the fallowing sccsid line:

        static char sccsid[]="@(#)login.c  5.73 (Berkeley) 6/29/91"

    The bug  is that  it doesn't  reset the  root login  flag after an
    unsuccessful attempt to login as root. The upshot of this is  that
    if a person first attempts to  login as root, fails, then logs  in
    as him/herself, he/she has a uid of 0!

SOLUTION

    The fix is to add the line:

        rootlogin = 0;

    After the code:

        if (pwd && !rval)
        break;

    I  don't  know  if  there  are  any  other  versions  of this code
    which  also  have  the  same  problem.  I suggest that if you have
    a Net2-BSD derived system you check login.c and fix it ASAP.