armybox 0.3.0

A memory-safe #[no_std] BusyBox/Toybox clone in Rust - 299 Unix utilities in ~500KB
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

# Security Policy

## Supported Versions

We actively support the following versions with security updates:

| Version | Supported          |
| ------- | ------------------ |
| 0.3.x   | :white_check_mark: |
| 0.2.x   | :white_check_mark: |
| 0.1.x   | :x:                |

## Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability in Armybox, please report it responsibly.

### How to Report

**Do NOT open a public GitHub issue for security vulnerabilities.**

Instead, please email us at: **security@pegasusheavy.industries**

Include the following information:

1. **Description**: A clear description of the vulnerability
2. **Impact**: What an attacker could do with this vulnerability
3. **Reproduction**: Steps to reproduce the issue
4. **Version**: Armybox version(s) affected
5. **Environment**: OS, architecture, and other relevant details
6. **Suggested Fix**: If you have one (optional but appreciated)

### What to Expect

- **Acknowledgment**: We'll acknowledge receipt within 48 hours
- **Initial Assessment**: Within 7 days, we'll provide an initial assessment
- **Updates**: We'll keep you informed of our progress
- **Credit**: We'll credit you in the security advisory (unless you prefer anonymity)

### Security Considerations

#### Memory Safety

Armybox is written in Rust, which provides strong memory safety guarantees:

- No buffer overflows
- No use-after-free
- No data races
- No null pointer dereferences

However, we use `unsafe` blocks for:
- FFI calls to libc
- Raw pointer operations in applet dispatch
- Custom allocator implementation

These areas receive extra scrutiny during code review.

#### Input Handling

All applets that process user input must:

1. Validate input sizes before allocation
2. Handle malformed input gracefully
3. Avoid unbounded recursion
4. Properly sanitize paths and filenames

#### Privilege Escalation

Applets that interact with system resources (mount, init, etc.) must:

1. Drop privileges when appropriate
2. Validate permissions before operations
3. Avoid TOCTOU vulnerabilities
4. Handle signals safely

### Known Security Considerations

1. **Shell Command Injection**: The shell (`sh`/`ash`/`dash`) executes user-provided commands. Users should be aware of standard shell security practices.

2. **Network Applets**: Networking utilities like `wget`, `nc`, and `ping` make network connections. Use appropriate firewall rules.

3. **Init System**: The init system runs as PID 1 with root privileges. Ensure `/etc/inittab` is properly secured.

4. **Vi Editor**: The vi editor can execute shell commands via `:!`. This is expected behavior.

### Security Best Practices

When using Armybox in production:

1. **Use Read-Only Filesystem**: Mount the armybox binary read-only
2. **Restrict Capabilities**: Use Linux capabilities to limit privileges
3. **Container Isolation**: In containers, use appropriate security contexts
4. **Regular Updates**: Keep armybox updated to the latest version

### Disclosure Policy

We follow a 90-day disclosure policy:

1. We'll work to fix the vulnerability within 90 days
2. After 90 days, or when a fix is released (whichever is first), we'll publish a security advisory
3. We'll coordinate with you on the disclosure timeline

### Security Advisories

Security advisories are published at:
- GitHub Security Advisories: https://github.com/pegasusheavy/armybox/security/advisories
- Our documentation: https://pegasusheavy.github.io/armybox/security

---

Thank you for helping keep Armybox and its users safe! 🛡️