Show threadKevin Karhan Jan 18

@whitequark consider #toybox if it has what you need.

https://landley.net/toybox

  • Granted it doesn't have #telnet and the head maintainer @landley explicitly endorsed #dropbear (a lightweight #SSH server & client) instead, but in my experiements ( @OS1337, based off @w84death 's #Floppinux ) allowed me to quickly cobble together a <1.440kB boot image (incl. >200kB for #ISOLINUX alone!) that does an 80×25 MDA console both on VGA & Serial (@ 9600/8/N1)…

I hope that helps you...

What is toybox?

Show threadKevin Karhan Jan 11

@BestGirlGrace the only reason I use #SSH tunnels is because they work reliably.

  • I really need to see if I can use #dropbear with #pwnat to get some public-reachable SSH server persistently through #NAT|s.
shaunDec 30

TIL if you Google for “drop bear” there’s a little #EasterEgg

#dropbear #australia

Marcel SIneM(S)USDec 28
#SSH-Server #Dropbear erlaubt Rechteausweitung | Security https://www.heise.de/news/SSH-Server-Dropbear-erlaubt-Rechteausweitung-11119207.html #Patchday #OpenWRT
SSH-Server Dropbear erlaubt Rechteausweitung

Der schlanke SSH-Server Dropbear stopft mit einer aktualisierten Version unter anderem eine Rechteausweitungslücke.

heise online
CyberVeille.chDec 22
📢 CVE-2025-14282 : élévation de privilèges dans Dropbear via redirections de sockets UNIX
📝 Source : oss-sec (mailing list).
📖 cyberveille : https://cyberveille.ch/posts/2025-12-21-cve-2025-14282-elevation-de-privileges-dans-dropbear-via-redirections-de-sockets-unix/
🌐 source : https://seclists.org/oss-sec/2025/q4/281
#CVE_2025_14282 #Dropbear #Cyberveille
CVE-2025-14282 : élévation de privilèges dans Dropbear via redirections de sockets UNIX

Source : oss-sec (mailing list). Dans un post signé par “turistu” le 16 décembre 2025, un rapport technique décrit CVE-2025-14282 affectant le serveur SSH Dropbear en mode multi-utilisateur. • Problème principal : Dropbear exécute les redirections de sockets (TCP/UNIX) en tant que root durant l’authentification et avant le spawn du shell, ne basculant de manière permanente vers l’utilisateur connecté qu’ensuite. Avec l’ajout récent du forwarding vers des sockets de domaine UNIX (commit 1d5f63c), un utilisateur SSH authentifié peut se connecter à n’importe quel socket UNIX avec les identifiants root, contournant les permissions du système de fichiers et les contrôles SO_PEERCRED / SO_PASSCRED.

CyberVeille
John     Dec 20

#Scottish #reporter introduced to a #DropBear (old #video)

https://youtu.be/KCGUNpzjD6M?si=LMrLioqkbJ6gMCnj

Scottish reporter tricked into wearing protective gear for 'drop bears' | South Australia | 7NEWS

YouTube
Klaus UmbachDec 19

As most e.g. #OpenWRT devices use #dropbear just for root anyway and not for other users, this should not be critical issue for most installations in the real world, right? Or do I miss something?

https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html

Dropbear 2025.89 and security fix

Show threadKevin Karhan Dec 12

@landley @ActionRetro Yeah, I know that one and OFC unless one needs to save every kB of space it doesn't make sense to cut a lot of functionality out of a system.

  • #mkroot aims to be a showcase of a #toybox + #musl / #linux system.

  • #OS1337 on the other hand trades functionality for size in the CORE "Edition" in order to fit.

OFC that means a lot of tools I want to add won't fit into that envelope either...

Also mkroot is IMHO a way better option than what some vendors cobble together with old Debian versions and also way easier than #LinuxFromScratch!

pkgs/docs/WISHLIST.tsv at main · OS-1337/pkgs

OS/1337 Package Repository. Contribute to OS-1337/pkgs development by creating an account on GitHub.

GitHub
QuirkyFilmsNov 10
#Dropbear (Date TBC) 🐨
A group of US tourists on a cheap Aussie outback tour discover the scam's fake dropbear attack has led them into the lair of a real, flesh-hungry koala king and his rabid army.
#CreatureFeature #FilmsWithBite #FilmMastodon 📽️ 🎬
Horror Nerd OnlineNov 10

Dropbear (2025) Trailer

#horror#Trailers#horrormovies#Dropbear – @ITNFILMS – A group of unsuspecting US tourists signs up for a low-budget Aussie outback tour run by a pair of incompetent grifters. But when their fake “koala attack” stunt goes horribly wrong, they stumble into the hunting grounds of a real, flesh-hungry koala king and his […]

#ad #Dropbear #horror #Trailers

https://horrornerdonline.com/2025/11/dropbear-2025-trailer/