On Fri, 27 Jun 2025 at 18:36, Xabier Oneca -- xOneca <[email protected]> wrote: > > Hi all, > > > Thinking about this more, I think this introduces a massive security > > vulnerability that it starts allowing shell execution for accounts that > > specify a shell of /sbin/nologin or equivalent. > > This is a *very important* and scary observation. I think this can be > a blocker for this patch as-is. >
Which is more or less the same problem we can have when busybox is suid root and every user can escalate privileges by calling it. Let me guess about suid escalation: this is not a flaw in BusyBox's design, but rather a misconfiguration of the system. Therefore, installing a "standalone busybox" into a common users-shared privilege-aware system, what can be? A massive vulnerability by design or a system misconfiguration? Anyway, a vulnerability does not exist until a PoC is presented. However, in cautelativa way into the menuconfig a warning should be inserted like - this option might lead to user shell escalation (before the PoC) - this option leads to user shell escalation (after the PoC) Those who see in this a problem (people who miscofigure their system for no reason rather than do things they do not know about) are invited to propose a solution within the constraints of the "standalone" concept. Participation is the key. Best regards, R- _______________________________________________ busybox mailing list [email protected] https://lists.busybox.net/mailman/listinfo/busybox
