On 4 Aug 2019 11:58 -0400, from jnc(a)mercury.lcs.mit.edu (Noel Chiappa): I'm guessing a little here, but could it be related to poor command line argument parsing in some shell, where "-i" forces the shell to start in interactive mode and the shell looks for parameters _anywhere_ in its argv[] (including argv[0]), not just at argv[1] and later? That would match the result described by Alec, and my modern dash's man page does give that meaning for "-i", but it also feels like a trivial bug to fix in the shell without prohibiting setuid scripts... -- Michael Kjörling • https://michael.kjorling.se • michael(a)kjorling.se “The most dangerous thought that you can have as a creative person is to think you know what you’re doing.” (Bret Victor)

when running a shell script, what's actually executed is the first line of the script (after #!) + the name of the script. If your script is named "-i", and in your path, just enter "-i", and /bin/sh -i is executed which gives you an interactive shell. There are probably half a dozen other ways to trick the shell into executing arbitrary code that is not contained in the script (more if the script actually does anything non-trivial, like e.g. an installer of some sort). So instead of trying to fix them all (and most likely missing a few), everybody just agreed that it was a terrible idea and removed the feature. On Sun, Aug 4, 2019 at 9:00 AM Noel Chiappa <jnc(a)mercury.lcs.mit.edu> wrote: