leviathan/SKELETONKEY
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity
Files
b206610a8e6c61e0cf7ae536c8c9afd1b5388a3b
SKELETONKEY/ROADMAP.md
T
leviathan a4b7238e4a Phase 7: nf_tables CVE-2024-1086 + active probe for dirty_pipe 
dirty_pipe detect: active sentinel probe (Phase 1.5-ish improvement)
- New dirty_pipe_active_probe(): creates a /tmp probe file with known
  sentinel bytes, fires the Dirty Pipe primitive against it, re-reads
  via the page cache, returns true if the poisoning landed.
- detect() gated on ctx->active_probe: --scan does version-only check
  (fast, no side effects); --scan --active fires the empirical probe
  and overrides version inference with the empirical verdict. Catches
  silent distro backports that don't bump uname() version.
- Three verdicts now distinguishable:
  (a) version says patched, no active probe → 'patched (version-only)'
  (b) version says vulnerable, --active fires + probe lands → CONFIRMED
  (c) version says vulnerable, --active fires + probe blocked → 'likely
      patched via distro backport'
- Probe is safe: only /tmp, no /etc/passwd.

nf_tables CVE-2024-1086 (detect-only, new module):
- Famous Notselwyn UAF in nft_verdict_init. Affects 5.14 ≤ K, fixed
  mainline 6.8 with backports landing in 5.4.269 / 5.10.210 / 5.15.149
  / 6.1.74 / 6.6.13 / 6.7.2.
- detect() checks: kernel version range, AND unprivileged user_ns clone
  availability (the exploit's reachability gate — kernel-vulnerable
  but userns-locked-down hosts report PRECOND_FAIL, signalling that
  the kernel still needs patching but unprivileged path is closed).
- Ships auditd + sigma detection rules: unshare(CLONE_NEWUSER) chained
  with setresuid(0,0,0) on a previously-non-root process is the
  exploit's canonical telltale.
- Full Notselwyn-style exploit (cross-cache UAF → arbitrary R/W → cred
  overwrite or modprobe_path hijack) is the next commit.

9 modules total now. CVES.md and ROADMAP.md updated.
2026-05-16 20:19:11 -04:00

8.5 KiB
Raw Blame History

Roadmap

What's coming next, in priority order. Dates are aspirational, not commitments.

Phase 0 — Bootstrap (DONE as of 2026-05-16)

  • Repo structure (modules/, core/, docs/, tools/, tests/)
  • Absorbed DIRTYFAIL as the first module (modules/copy_fail_family/)
  • Top-level README, CVES.md, ROADMAP.md, docs/ARCHITECTURE.md, docs/ETHICS.md
  • LICENSE (MIT)
  • Private GitHub repo

Phase 1 — Make the bundling real (DONE 2026-05-16)

  • Top-level iamroot dispatcher CLI (iamroot.c) — module registry, route to module's detect/exploit
  • Module interface header (core/module.h) — standard iamroot_module struct + iamroot_result_t (numerically aligned with copy_fail_family's df_result_t for zero-cost bridging)
  • core/registry.{c,h} — flat-array registry with find_by_name
  • modules/copy_fail_family/iamroot_modules.{c,h} — bridge layer exposing 5 modules
  • Top-level Makefile that builds all modules into one binary
  • Smoke test: iamroot --scan --json produces ingest-ready JSON; iamroot --list prints the module inventory
  • Deferred to Phase 1.5: extract apparmor_bypass.c, exploit_su.c, common.c, fcrypt.c into core/ (shared across families). Phase 1 keeps them inside copy_fail_family/src/ because there's only one family today; the extraction is mechanical and lands when a second family arrives.

Phase 2 — Add Dirty Pipe (CVE-2022-0847) — PARTIAL (DETECT done 2026-05-16)

Public PoC, well-understood, useful for completeness — IAMROOT without Dirty Pipe is incomplete as a "historical bundle." Affects kernels ≤5.16.11/≤5.15.25/≤5.10.102 so coverage is older deployments (worth bundling — many production boxes still run these).

  • modules/dirty_pipe_cve_2022_0847/ directory promoted out of _stubs/
  • core/kernel_range.{c,h} — branch-aware patched-version comparison (reusable by every future module)
  • dirty_pipe_detect() — kernel version check against branch-backport thresholds (5.10.102 / 5.15.25 / 5.16.11 / 5.17+)
  • Detection rules: auditd.rules (splice() syscall + passwd/shadow watches) and sigma.yml (non-root modification of sensitive files)
  • Registered in iamroot --list / --scan output. Verified on kernel 6.12.86 → correctly reports OK (patched).
  • Phase 2 complete (2026-05-16): full exploit landed. Inline passwd-UID and page-cache-revert helpers in the module (~80 lines). Extraction into core/host is Phase 1.5 work — deferred until a third module needs the same helpers. (Two-of-two duplication is acceptable; three-of-three triggers extraction.)
  • Exploit refuses to fire when detect() reports patched (verified end-to-end on kernel 6.12.86 — refuses cleanly).
  • Cleanup function (dirty_pipe --cleanup) added: evicts /etc/passwd via POSIX_FADV_DONTNEED + drop_caches.
  • CI matrix: Ubuntu 20.04 with kernel 5.13 (vulnerable), Debian 11 with 5.10.0-8 (vulnerable), Debian 13 with 6.12.x (patched — should detect as OK). Phase 4 work.

Phase 3 — EntryBleed (CVE-2023-0458) as stage-1 leak brick (DONE 2026-05-16)

EntryBleed is not a standalone LPE. It's a kbase leak primitive that other modules can chain. Bundled because:

  • Stage-1 of any future "build-your-own LPE" workflow

  • Detection rules for KPTI side-channel attempts are useful for defenders

  • Already works empirically on lts-6.12.88 (verified 2026-05-16)

  • modules/entrybleed_cve_2023_0458/ — leak primitive + detect

  • Exposed as a library helper: other modules can call entrybleed_leak_kbase_lib() (declared in iamroot_modules.h)

  • Wired into iamroot.c registry; iamroot --exploit entrybleed --i-know produces a kbase leak. Verified on kctf-mgr: leaked 0xffffffff8d800000 with KASLR slide 0xc800000.

  • entry_SYSCALL_64 slot offset configurable via IAMROOT_ENTRYBLEED_OFFSET env var (default matches lts-6.12.x). Future enhancement: auto-detect via /boot/System.map or /proc/kallsyms if accessible.

Phase 4 — CI matrix (PARTIAL — build-check landed 2026-05-16)

  • .github/workflows/build.yml: matrix of {gcc, clang} × {default, debug} builds on every push and PR. Includes smoke tests: --version, --list, --scan, --detect-rules in both auditd and sigma formats. Build failure breaks the merge gate. Static-build job runs continue-on-error (glibc + NSS issue; revisit with musl-gcc).
  • Distro+kernel VM matrix in GitHub Actions (Ubuntu 20.04 / 22.04 / 24.04 / 26.04, Debian 11 / 12 / 13, Alma 8 / 9 / 10, Fedora 39 / 40 / 41). Needs self-hosted runners or paid VM service; placeholder commented in build.yml.
  • Each module's exploit runs against matched-vulnerable VMs and MUST land root; runs against patched VMs and MUST fail at detect step
  • Nightly run; failures open issues automatically

Phase 5 — Detection signature export (DONE 2026-05-16)

  • iamroot --detect-rules --format=auditd — embedded auditd rules across all modules (deduped — family-shared rules emit once)
  • iamroot --detect-rules --format=sigma — embedded Sigma rules
  • --format=yara and --format=falco flags accepted; per-module strings can be added when authors ship them. Currently no module ships YARA or Falco rules (skipped cleanly).
  • struct iamroot_module gained detect_auditd, detect_sigma, detect_yara, detect_falco fields — each NULL or pointer to embedded C string. Self-contained binary, no data-dir install needed.
  • Sample SOC playbook in docs/DETECTION_PLAYBOOK.md — followup

Phase 6 — Mitigation mode (PARTIAL — copy_fail_family bridged 2026-05-16)

  • copy_fail_family: iamroot --mitigate copy_fail (or any family member) blacklists algif_aead + esp4 + esp6 + rxrpc, sets kernel.apparmor_restrict_unprivileged_userns=1, drops page cache. Bridged from existing DIRTYFAIL mitigate_apply().
  • copy_fail_family: iamroot --cleanup <name> routes by visible state: if /etc/modprobe.d/dirtyfail-mitigations.conf exists → mitigate_revert(); else evict /etc/passwd page cache. Heuristic sufficient for common usage patterns.
  • dirty_pipe: iamroot --cleanup dirty_pipe evicts /etc/passwd (already landed in Phase 2 complete).
  • dirty_pipe --mitigate: only real fix is "upgrade your kernel"; no automated mitigation possible. Document and skip.
  • entrybleed --mitigate: same — no canonical patch; document.
  • Idempotent re-run safety: copy_fail_family's apply is already idempotent (overwrites conf files). Re-verify per module.

Phase 7+ — More modules (started 2026-05-16)

Backfill of historical and recent LPEs as time allows:

  • CVE-2021-3493 — overlayfs nested-userns LPE
  • CVE-2021-4034 — Pwnkit (pkexec env handling): 🟢 FULL detect + exploit + cleanup. Detect handles legacy ("0.105") and modern ("126") version strings. Exploit: canonical Qualys-style — writes payload.c, compiles via target's gcc, builds gconv-modules cache, execve(pkexec, NULL_argv, crafted_envp). Auto-refuses on patched kernels. Cleanup removes /tmp/iamroot-pwnkit-* workdirs. Falls back gracefully on hosts without cc.
  • CVE-2022-2588 — net/sched route4 dead UAF
  • CVE-2023-2008 — vmwgfx OOB write
  • CVE-2024-1086 — nf_tables UAF: 🔵 detect-only landed (2026-05-16). Branch-backport thresholds for 5.4 / 5.10 / 5.15 / 6.1 / 6.6 / 6.7 plus mainline 6.8. Detect also probes unprivileged user_ns clone availability — kernel-vulnerable hosts with userns locked down get IAMROOT_PRECOND_FAIL (kernel still needs patching but unprivileged-exploit path is closed). Full Notselwyn-style exploit follows.
  • Fragnesia (if it lands as a CVE)
  • Anything we ourselves disclose — bundled AFTER upstream patch ships (responsible-disclosure-first)

Non-goals

  • No 0-day shipment. Everything in IAMROOT is post-patch.
  • No automated mass-targeting. No host-list mode. No automatic pivoting.
  • No persistence beyond --exploit-backdoor's /etc/passwd overwrite, which is overt and easily detected by any auditd rule we ship ourselves. Persistence-as-evasion is out of scope.
  • No container-runtime escapes unless they cleanly chain to host-root.
  • No Windows / macOS / non-Linux targets. Focus is the moat.
Reference in New Issue View Git Blame Copy Permalink