leviathan/SKELETONKEY
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity

release: v0.2.0 — --full-chain root-pop opt-in across 7 🟡 modules
release / build (arm64) (push) Waiting to run
Details
release / build (x86_64) (push) Waiting to run
Details
release / release (push) Blocked by required conditions
Details

Browse Source 
iamroot.c: bump IAMROOT_VERSION 0.1.0 → 0.2.0
  CVES.md: redefine 🟡 to note --full-chain capability + docs/OFFSETS.md
  README.md: update Status section for v0.2.0
  docs/OFFSETS.md: new doc — env-var/kallsyms/System.map/embedded-table
                   resolution chain + operator workflow for populating
                   offsets per kernel build + sentinel-based success
                   arbitration.

All 7 🟡 modules now expose `--full-chain`. Default behavior unchanged.
This commit is contained in:
KaraZajac
2026-05-16 22:06:14 -04:00
parent c1d1910a90
commit e2a3d6e94f
4 changed files with 164 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CVES.md
+11 -7
View File
@@ -8,18 +8,22 @@ Status legend:
- 🟢 **WORKING** — module verified to land root on a vulnerable host
- 🟡 **PRIMITIVE** — fires the kernel primitive (trigger + slab groom
+ empirical witness) on a vulnerable host, but stops short of the
full cred-overwrite / R/W chain. Returns `EXPLOIT_FAIL` honestly;
useful as a vuln-verification probe and a continuation point for
full chains. Per-kernel offsets deliberately not shipped.
+ empirical witness) on a vulnerable host. By default returns
`EXPLOIT_FAIL` honestly (no fabricated offsets). Pass `--full-chain`
to additionally attempt root pop via the shared `modprobe_path`
finisher (`core/finisher.{c,h}`) — requires kernel offsets via
env vars / `/proc/kallsyms` / `/boot/System.map`; see
[`docs/OFFSETS.md`](docs/OFFSETS.md). On success returns
`EXPLOIT_OK` and drops a root shell; on failure returns
`EXPLOIT_FAIL` — never claims root without an empirical
setuid-bash sentinel.
- 🔵 **DETECT-ONLY** — module fingerprints presence/absence but no
exploit. (No module is currently in this state — every registered
module now fires either a full chain or a primitive.)
exploit. (No module is currently in this state.)
-**PLANNED** — stub exists, work not started
- 🔴 **DEPRECATED** — fully patched everywhere relevant; kept for
historical reference only
**Counts (v0.1.0):** 🟢 13 · 🟡 7 · 🔵 0 · ⚪ 1 · 🔴 0
**Counts (v0.2.0):** 🟢 13 · 🟡 7 (all `--full-chain` capable) · 🔵 0 · ⚪ 1 · 🔴 0
## Inventory