Bugs

No thread safety in libc

stat64() doesn't work properly

The server processes are included as part of the job with the client processes in the job. The server has the same process group ID, and the shell will wait for it. This is convenient (for printing the exit status), but wrong. If the user presses Ctrl-C, and the client handles SIGINT and survives, the server will still be killed, but the client will become mostly useless.

libc's object-based execve() ignores the close-on-exec flag

Shell: build-fs.c: If you have the command "cmd foo", and `foo' is a symlink, the symlink will be followed and the shell will also grant access to the destination of the link. If you have the command "cmd => foo", the symlink is not followed. This is inconsistent. Actually, I have realised that following the symlink is not good from a security point of view.