I doubt they put this much thought into it, but I'd say the backdoor is actually the "-n" flag and this is some modified version of login that just does setuid(0) for whatever you put after.