feat(agent): privilege-change probe — fentry on security_task_fix_setuid (JEF-54)#25
Merged
Merged
Conversation
…uid (JEF-54)
A new eBPF probe captures privilege escalation to root and emits a new
Behavior::PrivilegeChange { from_uid, to_uid } — Falco privilege-escalation
parity (ADR-0014).
- eBPF: fentry on security_task_fix_setuid(new, old, flags). Reads new->uid.val
and old->uid.val via bpf_probe_read_kernel (cred -> kuid_t { val: u32 } chase,
same pattern as is_tmpfs; never bpf_d_path per JEF-68). Emits ONLY on
escalation (new_uid == 0 && old_uid != 0) to keep ring volume low and the
signal meaningful. record_drop() on reserve failure.
- common: KIND_PRIV_CHANGE = 5 (wire 4 reserved) + repr(C) PrivEvent
{ header, old_uid, new_uid }.
- behavior: Behavior::PrivilegeChange; fingerprint_key "priv:{to_uid}";
summary "privilege change uid {from} -> {to}".
- userspace: RawEvent::PrivChange + decode arm for KIND_PRIV_CHANGE +
into_behavior; attach via the best-effort fentry table; stays on the
decoupled-drain/worker path (JEF-64).
- engine: proof.rs corroborates() => PrivilegeChange is NON-corroborating
(per-objective corroboration is JEF-49).
- test: KIND_PRIV_CHANGE decodes to PrivilegeChange { from, to }.
Verifier-accept is on-node only (JEF-68); validated via cargo +nightly check,
workspace build/test/clippy/fmt, and the Docker builder target (EXIT 0).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01VtjoJttCvBY4dzCoE4f9vP
thejefflarson
force-pushed
the
jef-54-privilege-change-probe
branch
from
bd5ab38 to
cc721e9
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
A new eBPF probe captures privilege escalation to root and emits a new
Behavior::PrivilegeChange { from_uid, to_uid }— Falco privilege-escalation-rule parity (ADR-0014).How
agent/protector-agent-ebpf/src/main.rs): fentry onsecurity_task_fix_setuid(struct cred *new, const struct cred *old, int flags). Readsnew->uid.valandold->uid.valviabpf_probe_read_kernel(thecred -> kuid_t { val: u32 }pointer chase, same safe pattern asis_tmpfs; neverbpf_d_pathper JEF-68). Filters in-kernel to the escalation case (new_uid == 0 && old_uid != 0) so the ring carries only real gains of root.record_drop()on areservefailure.agent/common/src/lib.rs):KIND_PRIV_CHANGE = 5(wire value 4 reserved) +#[repr(C)] PrivEvent { header, old_uid, new_uid }.behavior/src/lib.rs):Behavior::PrivilegeChange { from_uid, to_uid };fingerprint_key→priv:{to_uid}(stable);summary→privilege change uid {from_uid} -> {to_uid}.agent/protector-agent/src/observer.rs):RawEvent::PrivChange+ adecodearm forKIND_PRIV_CHANGE+into_behavior; attached via the best-effort fentry table (fix_setuid/security_task_fix_setuid); stays on the decoupled drain→worker path (JEF-64).engine/src/engine/reason/proof.rs):corroborates()returnsfalseforPrivilegeChange— model evidence, not blanket corroboration. Per-objective corroboration is JEF-49.Validation
cargo +nightly check(eBPF crate): clean.agent/:cargo build/test/clippy --all-targets -- -D warnings/fmt— all green (warnings = errors).KIND_PRIV_CHANGEdecodes toPrivilegeChange { from_uid, to_uid }andinto_behaviormaps it through.docker build -f agent/Dockerfile --target builder— EXIT 0 (compiles the eBPF object via bpf-linker and buildsprotector-agent --features ebpf).Concerns
security_task_fix_setuidis the chosen LSM hook (the credential-fix path where setuid lands). It's attached best-effort — if it isn't fentry-attachable on 6.8, the agent logs and continues;security_capset/ the setuid path remain documented fallbacks. The escalation-to-root signal is the goal.🤖 Generated with Claude Code
https://claude.ai/code/session_01VtjoJttCvBY4dzCoE4f9vP