diff --git a/usr/libexec/security-misc/pam-info b/usr/libexec/security-misc/pam-info
index 49b376c..ce420b2 100755
--- a/usr/libexec/security-misc/pam-info
+++ b/usr/libexec/security-misc/pam-info
@@ -80,7 +80,7 @@ if [ "$PAM_USER" = 'sysmaint' ]; then
    fi
 fi
 
-kernel_cmdline="$(cat /proc/cmdline)"
+kernel_cmdline="$(cat -- /proc/cmdline)"
 
 if [ "$PAM_USER" != 'sysmaint' ] \
    && [[ "${kernel_cmdline}" =~ 'boot-role=sysmaint' ]]; then
@@ -93,7 +93,7 @@ fi
 ## Also this should only run for login since securetty covers only login.
 # if [ "$PAM_USER" = "root" ]; then
 #    if [ -f /etc/securetty ]; then
-#       grep_result="$(grep "^[^#]" /etc/securetty)"
+#       grep_result="$(grep -- "^[^#]" /etc/securetty)"
 #       if [ "$grep_result" = "" ]; then
 #          printf '%s\n' "\
 # $0: ERROR: Root login is disabled.