a0d7d0b75b
CHARON ferries file descriptors out of dying SUID/SGID processes through the __ptrace_may_access mm==NULL window in do_exit(), disclosed by Qualys 2026-05-15 (CVE-2026-46333). Default behavior: dump /etc/shadow to stdout, banner + progress on stderr. --quiet for pure-pipe output, --verbose for stats. Built-in lures cover Debian/Ubuntu (chage SGID-shadow), RHEL family (chage SUID-root), and ssh-keysign. Patched-kernel detection distinguishes "primitive fires but lure didn't open target" from "pidfd_getfd never succeeded → fix is in place". Pre-built 46KB musl-static binary included as charon-static.
9 lines
80 B
Plaintext
charon
*.o
*.dSYM/
.DS_Store

# Keep the prebuilt static binary
!charon-static