SKELETONKEY

Author	SHA1	Message	Date
leviathan	8de46e212e	kernel_range: refresh tables from Debian tracker — 5 MISSING adds + 4 off-by-one harmonisations First batch of fixes surfaced by tools/refresh-kernel-ranges.py. Drift drops from 18 actionable findings (5 MISSING + 13 TOO_TIGHT) to 13 (now only 1 MISSING + 12 TOO_TIGHT). The remaining TOO_TIGHT findings all involve threshold-version drops of 2+ patch versions; those need per-commit verification against git.kernel.org/linus before applying (saving for a follow-up). MISSING adds — branches Debian has fixed that we had no entry for: af_unix_gc (CVE-2023-4622): + {6, 4, 13} stable 6.4.x (forky/sid/trixie all at this version) dirtydecrypt (CVE-2026-31635): + {6, 19, 13} stable 6.19.x (forky/sid) — our previous table only listed mainline 7.0.0; Debian is shipping the fix on the 6.19 branch ahead of 7.0 release. overlayfs_setuid (CVE-2023-0386): + {5, 10, 179} stable 5.10.x (bullseye) vmwgfx (CVE-2023-2008): + {5, 10, 127} stable 5.10.x (bullseye) + {5, 18, 14} stable 5.18.x (bookworm/forky/sid/trixie) TOO_TIGHT harmonisations — single-patch-version differences, almost certainly off-by-one curation errors on our side: nf_tables (CVE-2024-1086): {5, 10, 210} -> {5, 10, 209} (Debian bullseye) nft_payload (CVE-2023-0179): {5, 10, 163} -> {5, 10, 162} (Debian bullseye) nft_set_uaf (CVE-2023-32233): {5, 10, 180} -> {5, 10, 179} (Debian bullseye) {6, 1, 28} -> {6, 1, 27} (Debian bookworm) Larger TOO_TIGHT diffs deferred: - cgroup_release_agent (5.16.9 -> 5.16.7, diff 2) - cls_route4 (5.18.18 -> 5.18.16, diff 2; 5.10.143 -> 5.10.136, diff 7) - dirty_cow (4.7.10 -> 4.7.8, diff 2) - dirty_pipe (5.10.102 -> 5.10.92, diff 10) - netfilter_xtcompat (5.10.46 -> 5.10.38, diff 8) - overlayfs_setuid (6.1.27 -> 6.1.11, diff 16) - ptrace_traceme (4.19.58 -> 4.19.37, diff 21) - sequoia (5.10.52 -> 5.10.46, diff 6) These need per-commit confirmation against the upstream-stable kernel changelog before lowering our threshold. Conservatively keeping the current (more strict) values until each is verified. Verification: - Linux (docker gcc:latest + libglib2.0-dev + sudo): 44/44 tests pass, full build clean. - macOS (local): 31-module build clean. - tools/refresh-kernel-ranges.py rerun: drift reduced 18 -> 13.	2026-05-23 00:58:04 -04:00
leviathan	2b1e96336e	core/host: in_range helper + 13-module migration + 12 more tests (29 total) Three coordinated changes that build on the host_kernel_at_least landed in `1571b88`: 1. core/host gains skeletonkey_host_kernel_in_range(h, lo..., hi...) — a [lo, hi) bounded-interval check for modules that want the 'vulnerable window' semantics directly. Implemented in terms of host_kernel_at_least (so the comparison logic stays in one place). No module uses it yet; available for new modules that want it. 2. 13 modules migrated off the manual if (v->major < X \|\| (v->major == X && v->minor < Y)) { ... } pattern onto if (!skeletonkey_host_kernel_at_least(ctx->host, X, Y, 0)) { ... } One-line replacements, mechanical, no behavior change. Migrated: af_packet2, dirty_pipe, fuse_legacy, netfilter_xtcompat, nf_tables, nft_fwd_dup, nft_payload, nft_set_uaf, overlayfs, overlayfs_setuid, ptrace_traceme, stackrot, vmwgfx. The repo now has zero manual 'v->major < X' patterns — every predates-check reads the same way. 3. tests/test_detect.c expanded from 17 to 29 cases. Adds: Above-fix coverage on h_kernel_6_12 (10 modules previously untested): af_packet, af_packet2, af_unix_gc, netfilter_xtcompat, nft_set_uaf, nft_fwd_dup, nft_payload, stackrot, sequoia, vmwgfx. Ancient-kernel predates coverage on h_kernel_4_4 (2 more cases): nft_set_uaf (introduced 5.1), stackrot (introduced 6.1). Detect-path test coverage now spans most of the corpus that has a testable host-fingerprint gate. Untested modules from here on are either userspace bugs whose detect() doesn't gate on host fields (pwnkit, sudo_samedit, sudoedit_editor), entrybleed (sysfs-direct, no host gate), or the copy_fail_family bridge (no ctx->host integration yet). Verification: Linux (docker gcc:latest, non-root user): 29/29 pass. macOS (local): 31-module build clean, suite reports 'skipped — Linux-only' as designed.	2026-05-22 23:58:38 -04:00
leviathan	36814f272d	modules: migrate remaining 22 modules to ctx->host fingerprint Completes the host-fingerprint refactor that started in `c00c3b4`. Every module now consults the shared ctx->host (populated once at startup by core/host.c) instead of re-doing uname / geteuid / /etc/os-release parsing / fork+unshare(CLONE_NEWUSER) probes per detect(). Migrations applied per module (mechanical, no exploit logic touched): 1. #include "../../core/host.h" inside each module's #ifdef __linux__. 2. kernel_version_current(&v) -> ctx->host->kernel (with the v -> v-> arrow-vs-dot fix for all later usage). Drops ~20 redundant uname() calls across the corpus. 3. geteuid() == 0 (the 'already root, nothing to escalate' gate) -> bool is_root = ctx->host ? ctx->host->is_root : (geteuid() == 0); This is the key change that lets the unit test suite construct non-root fingerprints regardless of the test process's actual euid. 4. Per-detect fork+unshare(CLONE_NEWUSER) probe helpers (named can_unshare_userns / can_unshare_userns_mount across the corpus) are removed wholesale; their call sites now consult ctx->host->unprivileged_userns_allowed, which was probed once at startup. Removes ~10 per-scan fork()s. Modules touched by this commit (22): Batch A (7): dirty_pipe, dirty_cow, ptrace_traceme, pwnkit, cgroup_release_agent, overlayfs_setuid, and entrybleed (no migration target — KPTI gate stays as direct sysfs read; documented as 'no applicable pattern'). Batch B (7): nf_tables, cls_route4, netfilter_xtcompat, af_packet, af_packet2, af_unix_gc, fuse_legacy. Batch C (8): stackrot, nft_set_uaf, nft_fwd_dup, nft_payload, sudo_samedit, sequoia, sudoedit_editor, vmwgfx. Combined with the 4 modules already migrated (dirtydecrypt, fragnesia, pack2theroot, overlayfs) and the 5-module copy_fail_family bridge, the entire registered corpus now goes through ctx->host. The 4 'fork+unshare per detect()' helpers that existed across nf_tables, cls_route4, netfilter_xtcompat, af_packet, af_packet2, fuse_legacy, nft_set_uaf, nft_fwd_dup, nft_payload, sequoia, cgroup_release_agent, and overlayfs_setuid are now gone — replaced by the single startup probe in core/host.c. Verification: - Linux (docker gcc:latest + libglib2.0-dev): full clean build links 31 modules; tests/test_detect.c: 8/8 pass. - macOS (local): full clean build links 31 modules (Mach-O, 172KB); test suite reports skipped as designed on non-Linux. Subsequent commits can add more EXPECT_DETECT cases in tests/test_detect.c — the host-fingerprint paths in every module are now uniformly testable via synthetic struct skeletonkey_host instances.	2026-05-22 23:43:20 -04:00
leviathan	cdb8f5e8f9	all modules: wrap Linux-only code in #ifdef __linux__ — full macOS build works Every kernel-LPE module that uses Linux-only headers (splice, posix_fadvise, linux/netlink.h, sys/ptrace.h, etc.) now follows the same #ifdef __linux__ pattern the new modules already used: Linux body in the ifdef, stub detect/exploit/cleanup returning SKELETONKEY_PRECOND_FAIL on non-Linux, platform-neutral rule strings + module struct + register fn left outside. 14 modules wrapped: dirty_pipe (already done above), af_packet, af_packet2, cgroup_release_agent, cls_route4, dirty_cow, fuse_legacy, netfilter_xtcompat, nf_tables, nft_fwd_dup, nft_payload, overlayfs, overlayfs_setuid, ptrace_traceme. Several modules previously had ad-hoc partial stubs (af_packet2 faked SIOCSIFFLAGS/MAP_LOCKED, netfilter_xtcompat faked sysv-msg syscalls, the nft_* modules had 3 partial __linux__ islands each, fuse_legacy / nf_tables had inner-only ifdef blocks) — all replaced with the uniform outer-wrap shape from dirty_pipe / dirtydecrypt / fragnesia / pack2theroot. Where a module includes core/kernel_range.h, core/finisher.h, or core/offsets.h, those are now inside the ifdef block as well — silences clangd's "unused-includes" LSP warning on macOS while keeping them present for the real Linux build. No exploit logic, constant, struct, shellcode byte, or rule string was modified — only include placement and ifdef markers. Build verification: macOS (local): make clean && make → Mach-O x86_64, 31 modules registered, --scan reports each Linux-only module as "Linux-only module — not applicable here". Linux (docker gcc:latest + libglib2.0-dev): make clean && make → ELF 64-bit, 31 modules. Exploit code paths unchanged.	2026-05-22 22:58:16 -04:00
leviathan	9593d90385	rename: IAMROOT → SKELETONKEY across the entire project release / build (arm64) (push) Waiting to run Details release / build (x86_64) (push) Waiting to run Details release / release (push) Blocked by required conditions Details Breaking change. Tool name, binary name, function/type names, constant names, env vars, header guards, file paths, and GitHub repo URL all rebrand IAMROOT → SKELETONKEY. Changes: - All "IAMROOT" → "SKELETONKEY" (constants, env vars, enum values, docs, comments) - All "iamroot" → "skeletonkey" (functions, types, paths, CLI) - iamroot.c → skeletonkey.c - modules//iamroot_modules.{c,h} → modules//skeletonkey_modules.{c,h} - tools/iamroot-fleet-scan.sh → tools/skeletonkey-fleet-scan.sh - Binary "iamroot" → "skeletonkey" - GitHub URL KaraZajac/IAMROOT → KaraZajac/SKELETONKEY - .gitignore now expects build output named "skeletonkey" - /tmp/iamroot-* tmpfiles → /tmp/skeletonkey-* - Env vars IAMROOT_MODPROBE_PATH etc. → SKELETONKEY_* New ASCII skeleton-key banner (horizontal key icon + ANSI Shadow SKELETONKEY block letters) replaces the IAMROOT banner in skeletonkey.c and README.md. VERSION: 0.3.1 → 0.4.0 (breaking). Build clean on Debian 6.12.86. `skeletonkey --version` → 0.4.0. All 24 modules still register; no functional code changes — pure rename + banner refresh.	2026-05-16 22:43:49 -04:00
leviathan	9d88b475c1	v0.3.1: --dump-offsets tool + NOTICE.md per module release / build (arm64) (push) Waiting to run Details release / build (x86_64) (push) Waiting to run Details release / release (push) Blocked by required conditions Details The README has been claiming "each module credits the original CVE reporter and PoC author in its NOTICE.md" since v0.1.0, but only copy_fail_family actually shipped one. Fixed. modules/<name>/NOTICE.md (×19 new + 1 existing): per-module research credit covering CVE ID, discoverer, original advisory URL where public, upstream fix commit, IAMROOT's role. iamroot.c: new --dump-offsets subcommand. Resolves kernel offsets via the existing core/offsets.c four-source chain (env → /proc/kallsyms → /boot/System.map → embedded table), then emits a ready-to-paste C struct entry for kernel_table[]. Run once as root on a target kernel build; upstream via PR. Eliminates fabricating offsets — every shipped entry traces back to a `iamroot --dump-offsets` invocation on a real kernel. docs/OFFSETS.md: documents the --dump-offsets workflow. CVES.md: notes the NOTICE.md convention + offset dump tool. iamroot.c: bump IAMROOT_VERSION 0.3.0 → 0.3.1.	2026-05-16 22:33:43 -04:00
leviathan	c1d1910a90	modules: wire --full-chain root-pop into all 7 🟡 PRIMITIVE modules Each module now exposes an opt-in full-chain root-pop via --full-chain: default --exploit behavior is unchanged (primitive-only, returns EXPLOIT_FAIL). With --full-chain, after primitive lands, modules call iamroot_finisher_modprobe_path() via a module-specific arb_write_fn that re-uses the same trigger + slab groom to write a userspace payload path into modprobe_path[], then exec a setuid bash dropped by the kernel-invoked modprobe. netfilter_xtcompat (+239): msg_msg m_list_next stride-seed FALLBACK af_packet (+316): sk_buff data-pointer stride-seed FALLBACK af_packet2 (+156): tp_reserve underflow + skb spray, LAST RESORT nf_tables (+275): forged pipapo_elem with kaddr value-ptr (Notselwyn offset 0x10), FALLBACK cls_route4 (+251): msg_msg refill of UAF'd filter, FALLBACK fuse_legacy (+291): m_ts overflow + MSG_COPY sanity gate, FALLBACK (one of two modules with a real post-write sanity check) stackrot (+233): race-driver budget extended 3s → 30s when --full-chain; honest <1% race-win/run All seven honor verified-vs-claimed: arb_write_fn returns 0 for "trigger structurally fired"; the shared finisher's setuid-bash sentinel poll is the empirical arbiter. EXPLOIT_OK only when the sentinel materializes within 3s of the modprobe_path trigger. Build clean on Debian 6.12.86 (kctf-mgr); all 7 modules refuse cleanly on both default and --full-chain paths via the existing patched-kernel detect gate (short-circuits before the new branch).	2026-05-16 22:04:40 -04:00
leviathan	498bb36404	modules: port 5 detect-only modules to trigger+groom (Option B) Converts the 5 remaining detect-only network/fs LPE modules to fire the actual kernel primitive on a vulnerable host, with honest EXPLOIT_FAIL return values since none ship the per-kernel cred-overwrite finisher. af_packet (CVE-2017-7308): +444 LoC — TPACKET_V3 int-overflow + skb spray + best-effort cred race af_packet2 (CVE-2020-14386): +446 LoC — tp_reserve underflow + sendmmsg skb spray cls_route4 (CVE-2022-2588): +410 LoC — route4 dangling-filter UAF + msg_msg 1k spray + classify drive fuse_legacy (CVE-2022-0185): +420 LoC — fsconfig 4k OOB write + msg_msg cross-cache groom nf_tables (CVE-2024-1086): +613 LoC — hand-rolled nfnetlink batch builder + NFT_GOTO/DROP double-free + msg_msg groom skeleton All five share: - userns+netns reach (unshare(CLONE_NEWUSER\|CLONE_NEWNET)) - Detect-refuse-on-patched re-call from exploit() - geteuid()==0 short-circuit - Honest EXPLOIT_FAIL with continuation roadmap comments - macOS dev-build stubs via #ifdef __linux__ where needed Build verified clean on Debian 6.12.86 (kctf-mgr). All five refuse on the patched kernel.	2026-05-16 21:22:17 -04:00
leviathan	a4b7238e4a	Phase 7: nf_tables CVE-2024-1086 + active probe for dirty_pipe dirty_pipe detect: active sentinel probe (Phase 1.5-ish improvement) - New dirty_pipe_active_probe(): creates a /tmp probe file with known sentinel bytes, fires the Dirty Pipe primitive against it, re-reads via the page cache, returns true if the poisoning landed. - detect() gated on ctx->active_probe: --scan does version-only check (fast, no side effects); --scan --active fires the empirical probe and overrides version inference with the empirical verdict. Catches silent distro backports that don't bump uname() version. - Three verdicts now distinguishable: (a) version says patched, no active probe → 'patched (version-only)' (b) version says vulnerable, --active fires + probe lands → CONFIRMED (c) version says vulnerable, --active fires + probe blocked → 'likely patched via distro backport' - Probe is safe: only /tmp, no /etc/passwd. nf_tables CVE-2024-1086 (detect-only, new module): - Famous Notselwyn UAF in nft_verdict_init. Affects 5.14 ≤ K, fixed mainline 6.8 with backports landing in 5.4.269 / 5.10.210 / 5.15.149 / 6.1.74 / 6.6.13 / 6.7.2. - detect() checks: kernel version range, AND unprivileged user_ns clone availability (the exploit's reachability gate — kernel-vulnerable but userns-locked-down hosts report PRECOND_FAIL, signalling that the kernel still needs patching but unprivileged path is closed). - Ships auditd + sigma detection rules: unshare(CLONE_NEWUSER) chained with setresuid(0,0,0) on a previously-non-root process is the exploit's canonical telltale. - Full Notselwyn-style exploit (cross-cache UAF → arbitrary R/W → cred overwrite or modprobe_path hijack) is the next commit. 9 modules total now. CVES.md and ROADMAP.md updated.	2026-05-16 20:19:11 -04:00

9 Commits