A logic flaw in algif_aead/authencesn lets any unprivileged user deterministically write 4 bytes into any file's page cache. Chained through /etc/passwd and /etc/pam.d/su, it produces a no-password root shell: 732 bytes of Python, no races, no offsets.
AF_ALG (socket family 38) is in agentsh's DefaultBlockedFamilies(), which is applied automatically when seccomp.enabled: true; no explicit rule is required. You can also add an explicit socket_rule if you want the block to be visible in your config. Either way, the Copy Fail exploit's socket(AF_ALG, SOCK_SEQPACKET, 0) call returns EAFNOSUPPORT before write4() ever fires, so /etc/passwd and /etc/pam.d/su are never touched.
Without agentsh: Alice (uid=1000) patches /etc/passwd (uid → 0000) and /etc/pam.d/su (pam_rootok.so → pam_permit.so) in the page cache. Nothing is written to disk. su alice drops into a root shell with no password, and /tmp/OWNED-BY-ALICE is written as uid=0.
With agentsh: the default blocked_socket_families list makes socket(AF_ALG, ...) return EAFNOSUPPORT. The exploit tracebacks immediately, and /etc/passwd still shows uid=1000. No marker file, no write, and zero custom configuration required.
The blocked call is socket(AF_ALG, SOCK_SEQPACKET, 0). With seccomp.enabled: true, agentsh's default blocked socket families already return EAFNOSUPPORT for AF_ALG. Setting blocked_socket_families: [] opts out of that default and should not be used for this mitigation.
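To make the mitigation mechanism concrete, here is an added example, not agentsh's own code (its filter source is not on this page), of a minimal seccomp-BPF program that returns EAFNOSUPPORT for socket() calls whose domain is AF_ALG and allows everything else. It also carries a small userspace interpreter for the three BPF opcode classes the program uses, so the filter's decision table can be checked without installing it, and a main() that installs it for real and shows socket(AF_ALG, SOCK_SEQPACKET, 0) failing. Assumptions: a little-endian 64-bit Linux host (x86-64 or aarch64, chosen at compile time) where socket() is a direct syscall rather than socketcall(), and that only the low 32 bits of args[0] matter for the domain.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Added example: reproduces the effect the page describes (socket(AF_ALG, ...)
 * fails with EAFNOSUPPORT). It is NOT agentsh's DefaultBlockedFamilies(). */

#if defined(__x86_64__)
#define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define FILTER_ARCH AUDIT_ARCH_AARCH64
#else
#error "example assumes x86-64 or aarch64 (direct socket syscall)"
#endif

#ifndef AF_ALG
#define AF_ALG 38 /* socket family 38, as stated on the page */
#endif

/* Program layout (BPF jump targets are relative to the next instruction):
 *  0  A = arch
 *  1  if A != FILTER_ARCH -> 8 (kill: foreign ABI, argument layout untrusted)
 *  2  A = nr
 *  3  if A != __NR_socket -> 7 (allow)
 *  4  A = low 32 bits of args[0] (the socket domain; little-endian assumption)
 *  5  if A != AF_ALG      -> 7 (allow)
 *  6  return ERRNO(EAFNOSUPPORT)
 *  7  return ALLOW
 *  8  return KILL */
static struct sock_filter alg_block_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 0, 6),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_ALG, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EAFNOSUPPORT & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
};
#define ALG_BLOCK_FILTER_LEN (sizeof alg_block_filter / sizeof alg_block_filter[0])

/* Tiny interpreter for the opcode classes used above (LD|W|ABS, JMP|JEQ|K,
 * RET|K), so the verdict can be computed in userspace without prctl(). */
static uint32_t bpf_eval(const struct sock_filter *prog, size_t len,
                         const struct seccomp_data *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, (const unsigned char *)d + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL; /* opcode not modelled by this toy interpreter */
        }
    }
    return SECCOMP_RET_KILL; /* fell off the end; the kernel rejects such programs */
}

/* Verdict for syscall `nr` on ABI `arch` with first argument `arg0`:
 * 0 = allowed, >0 = errno the filter imposes, -1 = process would be killed. */
int syscall_verdict(int nr, uint32_t arch, uint64_t arg0)
{
    struct seccomp_data d = { .nr = nr, .arch = arch };
    d.args[0] = arg0;
    uint32_t v = bpf_eval(alg_block_filter, ALG_BLOCK_FILTER_LEN, &d);
    if ((v & SECCOMP_RET_ACTION) == SECCOMP_RET_ALLOW) return 0;
    if ((v & SECCOMP_RET_ACTION) == SECCOMP_RET_ERRNO) return (int)(v & SECCOMP_RET_DATA);
    return -1;
}

/* Convenience wrapper: what socket(domain, ...) gets under the compiled-for ABI. */
int socket_verdict(int domain)
{
    return syscall_verdict(__NR_socket, FILTER_ARCH, (uint64_t)(uint32_t)domain);
}

int main(void)
{
    struct sock_fprog prog = { .len = ALG_BLOCK_FILTER_LEN, .filter = alg_block_filter };
    printf("userspace check: AF_ALG -> errno %d, AF_INET -> errno %d\n",
           socket_verdict(AF_ALG), socket_verdict(AF_INET));
    /* NO_NEW_PRIVS is required to install a filter as an unprivileged process. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
        perror("installing filter");
        return 1;
    }
    int fd = socket(AF_ALG, SOCK_SEQPACKET, 0); /* should now fail with EAFNOSUPPORT */
    if (fd < 0) printf("socket(AF_ALG): %s\n", strerror(errno));
    else { printf("unexpected success\n"); close(fd); }
    return 0;
}
```

The arch check comes first on purpose: a filter that inspects syscall numbers and argument offsets without pinning the ABI can be sidestepped by a compat syscall path, so a mismatched arch is treated as a kill rather than an allow. A production filter (and presumably agentsh's) would also cover the 32-bit socketcall() multiplexer on architectures that have it; this example deliberately does not.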