main/busybox: Busybox /bin/su and /bin/login bypass PAM configuration when using linux-pam
On systems using linux-pam, where a more restrictive authentication mechanism is used—such as pam_yubico.so—the Busybox binaries /bin/su and /bin/login are not PAM-aware and bypass the PAM configuration. This may be a vulnerability on some systems, since su cannot be disabled without also disabling its multi-call binary /bin/bbsuid.
Busybox could be built with PAM support by setting CONFIG_PAM=y in its configuration. Adding the packages busybox-pam and .busybox-suid-pam would fix the issue
Alternatively, the shadow package is PAM aware and provides replacement binaries for su, login, passwd, and chpasswd. But removing busybox-suid is still problematic, and as long as it's available on the system, it may be a vulnerability.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information