Whilst looking through the code in utils/login.c, I noticed a security issue. Even if --paranoid is set, if you give it a UID that doesn’t exist (login treats it as a UID if the first character is a digit, with no fallback to treating it as a username), it will exit without prompting for a password (and of course prompts for a password if it is a valid UID!). Is this intentional? I was also thinking that login should prompt for a username if not provided on the command line, as with Linux and BSD. This would in fact let us get rid of /bin/loginpr (currently we go via bash just to prompt for a username, and then exec login, which seems unnecessary). Thoughts?
James
