scaffold: 4 new module dirs + registry/Makefile wiring (stubs)

Pre-scaffolding for the next batch (CVE-2023-32233, CVE-2023-4622,
CVE-2022-25636, CVE-2023-0179). Each module ships as a 21-line
stub returning PRECOND_FAIL; parallel agents fill in the real
detect/exploit/--full-chain implementations.

This commit keeps registry.h / iamroot.c / Makefile in one place
so the 4 parallel agents don't collide on shared-file edits — they
each own a single iamroot_modules.c.

Build clean on Debian 6.12.86; --list shows all 24 modules
including the 4 new stubs.

Makefile

@@ -106,10 +106,30 @@ OSU_DIR  := modules/overlayfs_setuid_cve_2023_0386
 OSU_SRCS := $(OSU_DIR)/iamroot_modules.c
 OSU_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(OSU_SRCS))
 
+# Family: nft_set_uaf (CVE-2023-32233)
+NSU_DIR  := modules/nft_set_uaf_cve_2023_32233
+NSU_SRCS := $(NSU_DIR)/iamroot_modules.c
+NSU_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(NSU_SRCS))
+
+# Family: af_unix_gc (CVE-2023-4622)
+AUG_DIR  := modules/af_unix_gc_cve_2023_4622
+AUG_SRCS := $(AUG_DIR)/iamroot_modules.c
+AUG_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(AUG_SRCS))
+
+# Family: nft_fwd_dup (CVE-2022-25636)
+NFD_DIR  := modules/nft_fwd_dup_cve_2022_25636
+NFD_SRCS := $(NFD_DIR)/iamroot_modules.c
+NFD_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(NFD_SRCS))
+
+# Family: nft_payload (CVE-2023-0179)
+NPL_DIR  := modules/nft_payload_cve_2023_0179
+NPL_SRCS := $(NPL_DIR)/iamroot_modules.c
+NPL_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(NPL_SRCS))
+
 # Top-level dispatcher
 TOP_OBJ  := $(BUILD)/iamroot.o
 
-ALL_OBJS := $(TOP_OBJ) $(CORE_OBJS) $(CFF_OBJS) $(DP_OBJS) $(EB_OBJS) $(PK_OBJS) $(NFT_OBJS) $(OVL_OBJS) $(CR4_OBJS) $(DCOW_OBJS) $(PTM_OBJS) $(NXC_OBJS) $(AFP_OBJS) $(FUL_OBJS) $(STR_OBJS) $(AFP2_OBJS) $(CRA_OBJS) $(OSU_OBJS)
+ALL_OBJS := $(TOP_OBJ) $(CORE_OBJS) $(CFF_OBJS) $(DP_OBJS) $(EB_OBJS) $(PK_OBJS) $(NFT_OBJS) $(OVL_OBJS) $(CR4_OBJS) $(DCOW_OBJS) $(PTM_OBJS) $(NXC_OBJS) $(AFP_OBJS) $(FUL_OBJS) $(STR_OBJS) $(AFP2_OBJS) $(CRA_OBJS) $(OSU_OBJS) $(NSU_OBJS) $(AUG_OBJS) $(NFD_OBJS) $(NPL_OBJS)
 
 .PHONY: all clean debug static help
 

core/registry.h

@@ -36,5 +36,9 @@ void iamroot_register_stackrot(void);
 void iamroot_register_af_packet2(void);
 void iamroot_register_cgroup_release_agent(void);
 void iamroot_register_overlayfs_setuid(void);
+void iamroot_register_nft_set_uaf(void);
+void iamroot_register_af_unix_gc(void);
+void iamroot_register_nft_fwd_dup(void);
+void iamroot_register_nft_payload(void);
 
 #endif /* IAMROOT_REGISTRY_H */

iamroot.c

@@ -590,6 +590,10 @@ int main(int argc, char **argv)
     iamroot_register_af_packet2();
     iamroot_register_cgroup_release_agent();
     iamroot_register_overlayfs_setuid();
+    iamroot_register_nft_set_uaf();
+    iamroot_register_af_unix_gc();
+    iamroot_register_nft_fwd_dup();
+    iamroot_register_nft_payload();
 
     enum mode mode = MODE_SCAN;
     struct iamroot_ctx ctx = {0};

modules/af_unix_gc_cve_2023_4622/iamroot_modules.c

@@ -0,0 +1,23 @@
+/* af_unix_gc_cve_2023_4622 — STUB pending agent implementation. */
+#include "iamroot_modules.h"
+#include "../../core/registry.h"
+
+static iamroot_result_t af_unix_gc_detect(const struct iamroot_ctx *ctx)
+{
+    (void)ctx;
+    return IAMROOT_PRECOND_FAIL;
+}
+
+const struct iamroot_module af_unix_gc_module = {
+    .name = "af_unix_gc",
+    .cve = "CVE-2023-4622",
+    .summary = "AF_UNIX garbage-collector race UAF (Lin Ma) — stub pending implementation",
+    .family = "af_unix",
+    .kernel_range = "2.0 ≤ K < 6.5",
+    .detect = af_unix_gc_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void iamroot_register_af_unix_gc(void) { iamroot_register(&af_unix_gc_module); }

modules/af_unix_gc_cve_2023_4622/iamroot_modules.h

@@ -0,0 +1,12 @@
+/*
+ * af_unix_gc_cve_2023_4622 — IAMROOT module registry hook
+ */
+
+#ifndef AF_UNIX_GC_IAMROOT_MODULES_H
+#define AF_UNIX_GC_IAMROOT_MODULES_H
+
+#include "../../core/module.h"
+
+extern const struct iamroot_module af_unix_gc_module;
+
+#endif

modules/nft_fwd_dup_cve_2022_25636/iamroot_modules.c

@@ -0,0 +1,23 @@
+/* nft_fwd_dup_cve_2022_25636 — STUB pending agent implementation. */
+#include "iamroot_modules.h"
+#include "../../core/registry.h"
+
+static iamroot_result_t nft_fwd_dup_detect(const struct iamroot_ctx *ctx)
+{
+    (void)ctx;
+    return IAMROOT_PRECOND_FAIL;
+}
+
+const struct iamroot_module nft_fwd_dup_module = {
+    .name = "nft_fwd_dup",
+    .cve = "CVE-2022-25636",
+    .summary = "nft_fwd_dup_netdev_offload heap OOB (Aaron Adams) — stub pending implementation",
+    .family = "nf_tables",
+    .kernel_range = "5.4 ≤ K < 5.18",
+    .detect = nft_fwd_dup_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void iamroot_register_nft_fwd_dup(void) { iamroot_register(&nft_fwd_dup_module); }

modules/nft_fwd_dup_cve_2022_25636/iamroot_modules.h

@@ -0,0 +1,12 @@
+/*
+ * nft_fwd_dup_cve_2022_25636 — IAMROOT module registry hook
+ */
+
+#ifndef NFT_FWD_DUP_IAMROOT_MODULES_H
+#define NFT_FWD_DUP_IAMROOT_MODULES_H
+
+#include "../../core/module.h"
+
+extern const struct iamroot_module nft_fwd_dup_module;
+
+#endif

modules/nft_payload_cve_2023_0179/iamroot_modules.c

@@ -0,0 +1,23 @@
+/* nft_payload_cve_2023_0179 — STUB pending agent implementation. */
+#include "iamroot_modules.h"
+#include "../../core/registry.h"
+
+static iamroot_result_t nft_payload_detect(const struct iamroot_ctx *ctx)
+{
+    (void)ctx;
+    return IAMROOT_PRECOND_FAIL;
+}
+
+const struct iamroot_module nft_payload_module = {
+    .name = "nft_payload",
+    .cve = "CVE-2023-0179",
+    .summary = "nft_payload set-id memory corruption (Davide Ornaghi) — stub pending implementation",
+    .family = "nf_tables",
+    .kernel_range = "5.4 ≤ K < 6.2",
+    .detect = nft_payload_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void iamroot_register_nft_payload(void) { iamroot_register(&nft_payload_module); }

modules/nft_payload_cve_2023_0179/iamroot_modules.h

@@ -0,0 +1,12 @@
+/*
+ * nft_payload_cve_2023_0179 — IAMROOT module registry hook
+ */
+
+#ifndef NFT_PAYLOAD_IAMROOT_MODULES_H
+#define NFT_PAYLOAD_IAMROOT_MODULES_H
+
+#include "../../core/module.h"
+
+extern const struct iamroot_module nft_payload_module;
+
+#endif

modules/nft_set_uaf_cve_2023_32233/iamroot_modules.c

@@ -0,0 +1,23 @@
+/* nft_set_uaf_cve_2023_32233 — STUB pending agent implementation. */
+#include "iamroot_modules.h"
+#include "../../core/registry.h"
+
+static iamroot_result_t nft_set_uaf_detect(const struct iamroot_ctx *ctx)
+{
+    (void)ctx;
+    return IAMROOT_PRECOND_FAIL;
+}
+
+const struct iamroot_module nft_set_uaf_module = {
+    .name = "nft_set_uaf",
+    .cve = "CVE-2023-32233",
+    .summary = "nf_tables anonymous-set UAF (Sondej+Krysiuk) — stub pending implementation",
+    .family = "nf_tables",
+    .kernel_range = "5.1 ≤ K < 6.4; backports to LTS pending",
+    .detect = nft_set_uaf_detect,
+    .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+    .detect_auditd = NULL, .detect_sigma = NULL,
+    .detect_yara = NULL,   .detect_falco = NULL,
+};
+
+void iamroot_register_nft_set_uaf(void) { iamroot_register(&nft_set_uaf_module); }

modules/nft_set_uaf_cve_2023_32233/iamroot_modules.h

@@ -0,0 +1,12 @@
+/*
+ * nft_set_uaf_cve_2023_32233 — IAMROOT module registry hook
+ */
+
+#ifndef NFT_SET_UAF_IAMROOT_MODULES_H
+#define NFT_SET_UAF_IAMROOT_MODULES_H
+
+#include "../../core/module.h"
+
+extern const struct iamroot_module nft_set_uaf_module;
+
+#endif