login(1)
Systems Affected:
BSD-net2 systems. Systems not affected:
FreeBSD 1.02., 1.1 and current, Net-BSD-current, BSDI's
BSD/386 1.1 and BSD 4.4.

Problem:

There is a bug in NET-net2 version of login.c which allows
anyone who has an account on the machine to gain root
priviledges. The version of login.c has the fallowing sccsid
line:

	static char sccsid[]="@(#)login.c  5.73 (Berkeley) 6/29/91"

The bug is that it doesn't reset the root login flag after
an unsuccessful attempt to login as root. The upshot of this
is that if a person first attempts to login as root, fails,
then logs in as him/herself, he/she has a uid of 0!

Solution:
The fix is to add the line:

	rootlogin = 0;

After the code:

	if (pwd && !rval)
	break;

I don't know if there are any other versions of this code
which also have the same problem. I suggest that if you have
a Net2-BSD derived system you check login.c and fix it ASAP.