BusyBox runs as root by default, and it's used by hundreds of millions of device... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		rvnx 23 days ago \| parent \| context \| favorite \| on: Serving 200M requests per day with a CGI-bin BusyBox runs as root by default, and it's used by hundreds of millions of devices. For embedded devices (routers, security cameras, etc), it's very common to run CGI scripts as root. So it is not even 30 years ago, it's still today, because of bad practices of the past.

kragen 23 days ago [–]

Oh, that's a good point. In those cases the web server actually needs root, in the sense that it has to be able to upgrade the firmware and reconfigure the network interface.

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact