On Sat, 28 Jun 2025 at 21:58, Nadav Tasher <[email protected]> wrote:
> > Roberto, I think what they're trying to say is that in the valid edge-case > where you do configure a system to disallow a user login via /etc/passwd, > they should not be able to invoke shell executions in any way, which > could be bypassed by the proposed change "hardwiring" the shell to ash. > Which has nothing to do with your patch, because it is about login not shell invocation during the execution of a demon or a non-login user. They say bullshit as per woke default and it did not start yesterday but after they pushed out Rob Radley (toybox guy aka busybox in Android system, now). Time to change and the gcc is not democratic, so do I. Anyway, feel free to prove me wrong with a PoC. Best regards, -- Roberto A. Foglietta +49.176.274.75.661 +39.349.33.30.697 _______________________________________________ busybox mailing list [email protected] https://lists.busybox.net/mailman/listinfo/busybox
