On Fri, 27 Jun 2025 at 22:41, Roberto A. Foglietta <[email protected]> wrote: > > > > > Thinking about this more, I think this introduces a massive security > > > > vulnerability that it starts allowing shell execution for accounts that > > > > specify a shell of /sbin/nologin or equivalent. > > On Fri, 27 Jun 2025 at 22:09, tito <[email protected]> wrote: > > > I'm sure this is a horrible idea and that I overlooked something very > > important and obvious..... > > Hi Tito, nice to read from you again. > > The "evil" stays in the PoC request. LOL > > What can we have overlooked? The login applet? ;-)
https://github.com/robang74/BusyBox-by-NT/blob/proposed-master/loginutils/login.c#L618 /* Exec login shell with no additional parameters */ exec_login_shell(pw->pw_shell); This line shows the reason behind my PoC request: I am not saying that it is impossible, but it is not obvious, hence a PoC is needed. However, this is NOT the problem. IMHO, the problem is WHY we need to exchange so many e-mail and involve so many people to establish a basic idea like: show me the code (aka the PoC, in this case), first. The basic idea "code first" does not grant us the fortune to always deal with the best coders in the world, but it is a filter: no basic coding skill, then read only. The gcc isn't democratic. Best regards, R- _______________________________________________ busybox mailing list [email protected] https://lists.busybox.net/mailman/listinfo/busybox
