core/host: in_range helper + 13-module migration + 12 more tests (29 total)
Three coordinated changes that build on the host_kernel_at_least helper
that landed in 1571b88:
1. core/host gains skeletonkey_host_kernel_in_range(h, lo..., hi...)
— a [lo, hi) bounded-interval check for modules that want the
'vulnerable window' semantics directly. Implemented in terms of
host_kernel_at_least (so the comparison logic stays in one place).
No module uses it yet; available for new modules that want it.
2. 13 modules migrated off the manual
if (v->major < X || (v->major == X && v->minor < Y)) { ... }
pattern onto
if (!skeletonkey_host_kernel_at_least(ctx->host, X, Y, 0)) { ... }
One-line replacements, mechanical, no behavior change.
Migrated: af_packet2, dirty_pipe, fuse_legacy, netfilter_xtcompat,
nf_tables, nft_fwd_dup, nft_payload, nft_set_uaf, overlayfs,
overlayfs_setuid, ptrace_traceme, stackrot, vmwgfx. The repo now
has zero manual 'v->major < X' patterns — every predates-check
reads the same way.
3. tests/test_detect.c expanded from 17 to 29 cases. Adds:
Above-fix coverage on h_kernel_6_12 (10 modules previously
untested): af_packet, af_packet2, af_unix_gc, netfilter_xtcompat,
nft_set_uaf, nft_fwd_dup, nft_payload, stackrot, sequoia, vmwgfx.
Ancient-kernel predates coverage on h_kernel_4_4 (2 more cases):
nft_set_uaf (introduced 5.1), stackrot (introduced 6.1).
Detect-path test coverage now spans most of the corpus that
has a testable host-fingerprint gate. Untested modules from
here on are either userspace bugs whose detect() doesn't gate
on host fields (pwnkit, sudo_samedit, sudoedit_editor),
entrybleed (sysfs-direct, no host gate), or the copy_fail_family
bridge (no ctx->host integration yet).
Verification: Linux (docker gcc:latest, non-root user): 29/29 pass.
macOS (local): 31-module build clean, suite reports 'skipped —
Linux-only' as designed.
@@ -41,6 +41,16 @@ extern const struct skeletonkey_module nf_tables_module;
|
||||
extern const struct skeletonkey_module fuse_legacy_module;
|
||||
extern const struct skeletonkey_module cls_route4_module;
|
||||
extern const struct skeletonkey_module overlayfs_setuid_module;
|
||||
extern const struct skeletonkey_module af_packet_module;
|
||||
extern const struct skeletonkey_module af_packet2_module;
|
||||
extern const struct skeletonkey_module af_unix_gc_module;
|
||||
extern const struct skeletonkey_module netfilter_xtcompat_module;
|
||||
extern const struct skeletonkey_module nft_set_uaf_module;
|
||||
extern const struct skeletonkey_module nft_fwd_dup_module;
|
||||
extern const struct skeletonkey_module nft_payload_module;
|
||||
extern const struct skeletonkey_module stackrot_module;
|
||||
extern const struct skeletonkey_module sequoia_module;
|
||||
extern const struct skeletonkey_module vmwgfx_module;
|
||||
|
||||
static int g_pass = 0;
|
||||
static int g_fail = 0;
|
||||
@@ -282,6 +292,51 @@ static void run_all(void)
|
||||
run_one("overlayfs_setuid: vuln kernel + userns=false → PRECOND_FAIL",
|
||||
&overlayfs_setuid_module, &h_kernel_5_14_no_userns,
|
||||
SKELETONKEY_PRECOND_FAIL);
|
||||
|
||||
/* ── above-fix coverage for the remaining kernel modules ──
|
||||
* Kernel 6.12 is above every backport entry in the corpus.
|
||||
* For modules with a `kernel_range` table, kernel_range_is_patched
|
||||
* inherits via the "host is newer than every entry" branch and
|
||||
* detect() returns OK. */
|
||||
|
||||
run_one("af_packet: kernel 6.12 above 4.11 fix → OK",
|
||||
&af_packet_module, &h_kernel_6_12, SKELETONKEY_OK);
|
||||
|
||||
run_one("af_packet2: kernel 6.12 above 5.9 fix → OK",
|
||||
&af_packet2_module, &h_kernel_6_12, SKELETONKEY_OK);
|
||||
|
||||
run_one("af_unix_gc: kernel 6.12 above 6.6-rc1 fix → OK",
|
||||
&af_unix_gc_module, &h_kernel_6_12, SKELETONKEY_OK);
|
||||
|
||||
run_one("netfilter_xtcompat: kernel 6.12 above 5.12 fix → OK",
|
||||
&netfilter_xtcompat_module, &h_kernel_6_12, SKELETONKEY_OK);
|
||||
|
||||
run_one("nft_set_uaf: kernel 6.12 above 6.4-rc4 fix → OK",
|
||||
&nft_set_uaf_module, &h_kernel_6_12, SKELETONKEY_OK);
|
||||
|
||||
run_one("nft_fwd_dup: kernel 6.12 above 5.17 fix → OK",
|
||||
&nft_fwd_dup_module, &h_kernel_6_12, SKELETONKEY_OK);
|
||||
|
||||
run_one("nft_payload: kernel 6.12 above 6.2-rc4 fix → OK",
|
||||
&nft_payload_module, &h_kernel_6_12, SKELETONKEY_OK);
|
||||
|
||||
run_one("stackrot: kernel 6.12 above 6.4-rc4 fix → OK",
|
||||
&stackrot_module, &h_kernel_6_12, SKELETONKEY_OK);
|
||||
|
||||
run_one("sequoia: kernel 6.12 above 5.13.4 fix → OK",
|
||||
&sequoia_module, &h_kernel_6_12, SKELETONKEY_OK);
|
||||
|
||||
run_one("vmwgfx: kernel 6.12 above 6.3-rc6 fix → OK",
|
||||
&vmwgfx_module, &h_kernel_6_12, SKELETONKEY_OK);
|
||||
|
||||
/* ── ancient-kernel predates coverage ────────────────────────
|
||||
* Kernel 4.4 predates several module bugs introduced 5.x+. */
|
||||
|
||||
run_one("nft_set_uaf: kernel 4.4 predates 5.1 → OK",
|
||||
&nft_set_uaf_module, &h_kernel_4_4, SKELETONKEY_OK);
|
||||
|
||||
run_one("stackrot: kernel 4.4 predates 6.1 → OK",
|
||||
&stackrot_module, &h_kernel_4_4, SKELETONKEY_OK);
|
||||
#else
|
||||
fprintf(stderr, "[i] non-Linux platform: detect() bodies are stubbed; "
|
||||
"tests skipped (would tautologically pass).\n");
|
||||
|
||||
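Review bot: All twelve run_one cases added in the second hunk expect SKELETONKEY_OK, so for the ten modules the commit message calls previously untested, a detect() that returned OK unconditionally would pass; a false OK is the costly failure for a detector, because it reports a vulnerable host as patched. Each of these modules needs at least one host fingerprint inside its vulnerable window that asserts the non-OK verdict, plus cases on either side of the predates gate (5.0/5.1 for nft_set_uaf, 6.0/6.1 for stackrot), since the migration to skeletonkey_host_kernel_at_least is exercised here only at 4.4 and 6.12, far from any threshold. Until those exist, I would mark the gap above the group with `/* NOTE: OK-only coverage; no in-window (vulnerable) host is asserted for these modules yet. */`. The stackrot label repeats the "6.4-rc4" fix version used for nft_set_uaf, which may be a copy-paste and is worth checking against the module's own range table. run_all starts and ends outside the hunk, and the constant for the vulnerable verdict is not visible here, so I have not named it.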