Reading the CVEs that uutils (Rewrite-it-in-Rust coreutils) just got to be sure my implementation doesn't have the same issues, and well… 70% in and got 4 as failures which are also just fails in regard to POSIX specification:
CVE-2026-35367 against nohup(1): POSIX requires to create the nohup.out file as S_IRUSR | S_IWUSR
CVE-2026-35369 against kill(1): Signal numbers can be negative for process groups, POSIX even has kill -HUP -1 and kill -SIGTERM -123 in the examples.
CVE-2026-35370, CVE-2026-35371 against id(1): real vs. effective is well-specified including for groups=
CVE-2026-35367 against nohup(1): POSIX requires to create the nohup.out file as S_IRUSR | S_IWUSR
CVE-2026-35369 against kill(1): Signal numbers can be negative for process groups, POSIX even has kill -HUP -1 and kill -SIGTERM -123 in the examples.
CVE-2026-35370, CVE-2026-35371 against id(1): real vs. effective is well-specified including for groups=
1
