release: v0.1.0 — 20-module corpus, 13 root-pop + 7 primitive

iamroot.c: bump IAMROOT_VERSION from 0.1.0-phase1 → 0.1.0
  README.md: replace "bootstrap phase" status with v0.1.0 corpus
             breakdown (13🟢 / 7🟡 across 2016→2026 timeline)
  CVES.md:   redefine 🟡 to mean "primitive fires + groom + witness,
             stops short of cred-overwrite chain — refuses to claim
             root unless empirically demonstrated"; flip 7 entries
             from 🔵 → 🟡; add the two missing 🟢 entries
             (cgroup_release_agent, overlayfs_setuid); extend the
             operations matrix from 7 → 20 rows.
  ROADMAP.md: mark all Phase-7 items landed; add Phase 8 covering
              full-chain promotions (nf_tables / xtcompat / af_packet
              prioritized — each has a public reference exploit;
              IAMROOT's no-fabricated-offsets rule means each needs
              an env-var offset table or System.map auto-resolve).

Build clean on Debian 6.12.86; iamroot --version reports 0.1.0.
2026-05-16 21:40:51 -04:00
parent 3015e71ea3
commit dce158e33a
4 changed files with 98 additions and 36 deletions
+17 -7
@@ -63,14 +63,24 @@ The same binary covers offense and defense:
## Status
**Active. Bootstrap phase as of 2026-05-16.** First module
(`copy_fail_family`) absorbed from the standalone DIRTYFAIL project
and is verified working end-to-end on Ubuntu 26.04 + Alma 9 + Debian
13 with full AppArmor bypass + container escape demo + persistent
backdoor mode.
**Active — v0.1.0 cut 2026-05-16.** Corpus covers **20 modules**
across the 2016 → 2026 LPE timeline:
See [`CVES.md`](CVES.md) for the full curated CVE list with patch
status. See [`ROADMAP.md`](ROADMAP.md) for the next planned modules.
- 🟢 **13 modules land root** end-to-end on a vulnerable host
(copy_fail family ×5, dirty_pipe, entrybleed leak, pwnkit,
overlayfs CVE-2021-3493, dirty_cow, ptrace_traceme,
cgroup_release_agent, overlayfs_setuid CVE-2023-0386).
- 🟡 **7 modules fire the kernel primitive** (trigger + slab groom +
empirical witness) but stop short of the full cred-overwrite /
R/W chain — they return `EXPLOIT_FAIL` honestly rather than
fabricate per-kernel offsets. Useful as vuln-verification probes.
(af_packet, af_packet2, cls_route4, fuse_legacy, nf_tables,
netfilter_xtcompat, stackrot.)
- Detection rules ship inline (auditd / sigma / yara / falco) and
are exported via `iamroot --detect-rules --format=…`.
See [`CVES.md`](CVES.md) for the per-CVE inventory + patch status.
See [`ROADMAP.md`](ROADMAP.md) for the next planned modules.
## Why this exists
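Review bot: The 🟢 bullet claims 13 modules "land root" end-to-end, but its own list includes "entrybleed leak", which is labelled there as a leak rather than a root; either reword the bullet so the claim covers that entry or count entrybleed separately so the 13 matches what is stated. The earlier status paragraph in this hunk named the distributions the first module was verified on (Ubuntu 26.04, Alma 9, Debian 13), while the new wording says only "on a vulnerable host", so consider pointing to where the verified kernels are recorded per module. The `--format=…` mention also leaves the accepted values unstated; tying them to the auditd / sigma / yara / falco list on the same line would make it usable on its own.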