pack2theroot (CVE-2026-41651) + --auto accuracy work

Adds the third ported module — Pack2TheRoot, a userspace PackageKit
D-Bus TOCTOU LPE — and spends real effort hardening --auto so its
detect step gives an accurate, robust verdict before deploying.

pack2theroot (CVE-2026-41651):
- Ported from the public Vozec PoC
  (github.com/Vozec/CVE-2026-41651). Original disclosure by the
  Deutsche Telekom security team.
- Two back-to-back InstallFiles D-Bus calls (SIMULATE then NONE)
  overwrite the cached transaction flags between polkit auth and
  dispatch. GLib priority ordering makes the overwrite deterministic,
  not a timing race; postinst of the malicious .deb drops a SUID bash
  in /tmp.
- detect() reads PackageKit's VersionMajor/Minor/Micro directly over
  D-Bus and compares against the pinned fix release 1.3.5 (commit
  76cfb675). This is a high-confidence verdict, not precondition-only.
- Debian-family only (PoC builds its own .deb in pure C; ar/ustar/
  gzip-stored inline). Cleanup removes /tmp .debs + best-effort
  unlinks /tmp/.suid_bash + sudo -n dpkg -r the staging packages.
- Adds an optional GLib/GIO build dependency. The top-level Makefile
  autodetects via `pkg-config gio-2.0`; when absent the module
  compiles as a stub returning PRECOND_FAIL.
- Embedded auditd + sigma rules cover the file-side footprint
  (/tmp/.suid_bash, /tmp/.pk-*.deb, non-root dpkg/apt execve).

--auto accuracy improvements:
- Auto-enables --active before the scan. Per-module sentinel probes
  (page-cache /tmp files, fork-isolated namespace mounts) turn
  version-only checks into definitive verdicts, so silent distro
  backports don't fool the scan and --auto won't pick blind on
  TEST_ERROR.
- Per-module verdict printing — every module's result is shown
  (VULNERABLE / patched / precondition / indeterminate), not just
  VULNERABLE rows. Operator sees the full picture.
- Scan-end summary line: "N vulnerable, M patched/n.a., K
  precondition-fail, L indeterminate" with a separate callout when
  modules crashed.
- Distro fingerprint added to the auto banner (ID + VERSION_ID from
  /etc/os-release alongside kernel/arch).
- Fork-isolated detect() — each detector runs in a child process so
  a SIGILL/SIGSEGV in one module's probe is contained and the scan
  continues. Surfaced live while testing: entrybleed's prefetchnta
  KASLR sweep SIGILLs on emulated CPUs (linuxkit on darwin); without
  isolation the whole --auto died at module 7 of 31. With isolation
  the scan reports "detect() crashed (signal 4) — continuing" and
  finishes cleanly.

module_safety_rank additions:
- pack2theroot: 95 (userspace D-Bus TOCTOU; dpkg + /tmp SUID footprint
  — clean but heavier than pwnkit's gconv-modules-only path).
- dirtydecrypt / fragnesia: 86 (page-cache writes; one step below the
  verified copy_fail/dirty_frag family at 88 to prefer verified
  modules when both apply).

Docs:
- README badge / tagline / tier table / ⚪ block / example output /
  v0.5.0 status — all updated to "28 verified + 3 ported".
- CVES.md counts line, the ported-modules note (now calling out
  pack2theroot's high-confidence detect vs. precondition-only for
  the page-cache pair), inventory row, operations table row.
- ROADMAP Phase 7+: pack2theroot moved out of carry-overs into the
  "landed (ported, pending VM verification)" group; added a new
  "--auto accuracy work" subsection documenting the dispatcher
  hardening landed in this commit.
- docs/index.html: scanning-count example bumped to 31, status line
  updated to mention 3 ported modules.

Build verification: full `make clean && make` in `docker gcc:latest`
with libglib2.0-dev installed: links into a 31-module skeletonkey
ELF (413KB), `--list` shows all modules including pack2theroot,
`--detect-rules --format=auditd` emits the new pack2theroot section,
`--auto --i-know --no-shell` exercises the new banner + active
probes + verdict table + fork isolation + scan summary end-to-end.
Only build warning is the pre-existing
`-Wunterminated-string-initialization` in dirty_pipe (not introduced
here).

README.md

@@ -2,11 +2,11 @@
 
 [![Latest release](https://img.shields.io/github/v/release/KaraZajac/SKELETONKEY?label=release)](https://github.com/KaraZajac/SKELETONKEY/releases/latest)
 [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
-[![Modules](https://img.shields.io/badge/modules-28%20verified%20%2B%202%20ported-brightgreen.svg)](CVES.md)
+[![Modules](https://img.shields.io/badge/modules-28%20verified%20%2B%203%20ported-brightgreen.svg)](CVES.md)
 [![Platform: Linux](https://img.shields.io/badge/platform-linux-lightgrey.svg)](#)
 
 > **One curated binary. 28 verified Linux LPE exploits, 2016 → 2026
-> (+2 ported-but-unverified). Detection rules in the box. One command
+> (+3 ported-but-unverified). Detection rules in the box. One command
 > picks the safest one and runs it.**
 
 ```bash
@@ -44,14 +44,14 @@ for every CVE in the bundle — same project for red and blue teams.
 ## Corpus at a glance
 
 **28 verified modules** spanning the 2016 → 2026 LPE timeline, plus
-**2 ported-but-unverified** modules (`dirtydecrypt`, `fragnesia` —
-see note below):
+**3 ported-but-unverified** modules (`dirtydecrypt`, `fragnesia`,
+`pack2theroot` — see note below):
 
 | Tier | Count | What it means |
 |---|---|---|
 | 🟢 Full chain | **14** | Lands root (or its canonical capability) end-to-end. No per-kernel offsets needed. |
 | 🟡 Primitive | **14** | Fires the kernel primitive + grooms the slab + records a witness. Default returns `EXPLOIT_FAIL` honestly. Pass `--full-chain` to engage the shared `modprobe_path` finisher (needs offsets — see [`docs/OFFSETS.md`](docs/OFFSETS.md)). |
-| ⚪ Ported, unverified | **2** | `dirtydecrypt` + `fragnesia`, ported from public V12 PoCs. Built and registered, but **not yet validated on a vulnerable kernel** — `detect()` is precondition-only and `--auto` will not fire them blind. Excluded from the 28-module verified counts above. |
+| ⚪ Ported, unverified | **3** | `dirtydecrypt`, `fragnesia`, `pack2theroot`. Built and registered, but **not yet validated end-to-end** — for the page-cache pair `detect()` is precondition-only; for `pack2theroot` the fix release IS pinned (high-confidence verdict). `--auto` auto-enables `--active` so the probes turn into definitive verdicts on a vulnerable host. Excluded from the 28-module verified counts above. |
 
 **🟢 Modules that land root on a vulnerable host:**
 copy_fail family ×5 · dirty_pipe · dirty_cow · pwnkit · overlayfs
@@ -65,10 +65,14 @@ nf_tables · nft_set_uaf · nft_fwd_dup · nft_payload ·
 netfilter_xtcompat · stackrot · sudo_samedit · sequoia · vmwgfx
 
 **⚪ Ported-but-unverified (not in the counts above):**
-dirtydecrypt (CVE-2026-31635) · fragnesia (CVE-2026-46300) — ported
-from public V12 PoCs, **not yet VM-validated**. Self-contained
-page-cache writes (no `--full-chain` finisher); `detect()` is
-precondition-only because the CVE fix commits are not yet pinned.
+dirtydecrypt (CVE-2026-31635) · fragnesia (CVE-2026-46300) ·
+pack2theroot (CVE-2026-41651) — ported from public PoCs, **not yet
+VM-validated**. The two page-cache writes (dirtydecrypt, fragnesia)
+have precondition-only `detect()` because the CVE fix commits are not
+yet pinned in the modules. `pack2theroot` is a userspace D-Bus
+PackageKit TOCTOU; its fix release (PackageKit 1.3.5, commit
+`76cfb675`) is pinned and `detect()` reads the daemon's version over
+D-Bus — high-confidence verdict.
 
 See [`CVES.md`](CVES.md) for per-module CVE, kernel range, and
 detection status.
@@ -106,12 +110,17 @@ $ id
 uid=1000(kara) gid=1000(kara) groups=1000(kara)
 
 $ skeletonkey --auto --i-know
-[*] auto: host=demo kernel=5.15.0-56-generic arch=x86_64
-[*] auto: scanning 30 modules for vulnerabilities...
+[*] auto: host=demo distro=ubuntu/24.04 kernel=5.15.0-56-generic arch=x86_64
+[*] auto: active probes enabled — brief /tmp file touches and fork-isolated namespace probes
+[*] auto: scanning 31 modules for vulnerabilities...
 [+] auto: dirty_pipe             VULNERABLE (safety rank 90)
 [+] auto: cgroup_release_agent   VULNERABLE (safety rank 98)
 [+] auto: pwnkit                 VULNERABLE (safety rank 100)
+[ ] auto: copy_fail              patched or not applicable
+[ ] auto: nf_tables              precondition not met
+...
 
+[*] auto: scan summary — 3 vulnerable, 21 patched/n.a., 7 precondition-fail, 0 indeterminate
 [*] auto: 3 vulnerable modules found. Safest is 'pwnkit' (rank 100).
 [*] auto: launching --exploit pwnkit...
 
@@ -172,14 +181,16 @@ also compile (modules with Linux-only headers stub out gracefully).
 
 ## Status
 
-**v0.5.0 cut 2026-05-17.** 28 verified modules, plus 2
-ported-but-unverified (`dirtydecrypt`, `fragnesia`) added since the
-cut. All 30 build clean on Debian 13 (kernel 6.12) and refuse cleanly
-on patched hosts. Empirical end-to-end validation on a
-vulnerable-kernel VM matrix is the next roadmap item; until then, the
-corpus is best understood as "compiles + detects + structurally
-correct + honest on failure" — and the two ported modules have not
-been run against a vulnerable kernel at all.
+**v0.5.0 cut 2026-05-17.** 28 verified modules, plus 3
+ported-but-unverified (`dirtydecrypt`, `fragnesia`, `pack2theroot`)
+added since the cut. All 31 build clean on Debian 13 (kernel 6.12)
+and refuse cleanly on patched hosts. `--auto` now auto-enables
+`--active` and runs each `detect()` in a fork-isolated child so one
+crashing probe cannot tear down the scan. Empirical end-to-end
+validation on a vulnerable-target VM matrix is the next roadmap item;
+until then, the corpus is best understood as "compiles + detects +
+structurally correct + honest on failure" — and the three ported
+modules have not been run against a vulnerable target at all.
 
 See [`ROADMAP.md`](ROADMAP.md) for the next planned modules and
 infrastructure work.