@cazabon @ska

Bernstein's famous papers on the subject post-date all of us, of course. There are those available, now. I wonder how much else there is, though.

There are textbooks on design patterns and anti-patterns, and general ones on #Unix programming; but where's the book that tells you that -- is not just an interesting quirk but a general defence measure whose habitual use would (for example) have stopped #telnetd+#login having this same issue 3 times over (in #inetutils, in Solaris, and reportedly in AIX before that)?

Where is the textbook that explains that postcodes have no legal requirement to match a simplistic regular expression? Or the handiness of vis encoding in making whitespace-separated flat table files workable? Or that sscanf() is inadequate for a terminal emulator dealing with control sequences?

Or that habitually using the ADO.NET connection string builder classes, command builders, and parameter classes are good ideas?

#ComputerProgramming #security

@jas

My first suspect for a #login not supporting -- would be something with a 1980s history pre-dating standard #getopt, such as Solaris, which is ironic given that #inetutils has its only -- present in conditionally compiled code targetting Solaris.

#FreeBSD, #NetBSD, and #OpenBSD login all use getopt(), pervasive in these worlds for decades, as do the util-linux login (used by Debian et al.), and the #Illumos and #BusyBox logins.

#suckless login supports -- via ARGBEGIN.

@ska @cazabon

@ska

Looking at the commit and the code as it still stands today, it is interesting that only on Solaris does it even try to use -- in the arguments to login to signal the end of options, and even then only in limited circumstances.

#FreeBSD telnetd, for comparison, always puts -- in before the supplied account name.

I wonder how long it will be before the lesson is properly learned.

@jas
#getopt #login #telnetd #inetutils