ReddRadar
Agent skill
detecting-privilege-escalation
Detects privilege escalation vulnerabilities including setuid/setgid abuse, permission check bypasses, and unsafe privilege management. Use when analyzing setuid binaries, permission checks, or investigating privilege escalation paths.
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/design/detecting-privilege-escalation-waiwai24-binaryx-agent-55adf717
SKILL.md
Privilege Escalation Detection
Detection Workflow
- Identify privileged operations: Find setuid/setgid binaries, locate privilege checks, identify file operations with elevated privileges, map privilege boundaries
- Analyze permission model: Understand intended permission model, identify all privilege boundaries, map privilege escalation paths, assess access control mechanisms
- Check validation: Verify permission checks are correct, look for race conditions, assess validation completeness, identify TOCTOU issues
- Assess exploitability: Can attacker bypass checks? Is there a usable escalation path? What's the impact of successful escalation?
Key Patterns
- Setuid/setgid binaries: binaries with setuid/setgid bits set, unsafe operations in privileged binaries, environment variable usage, path traversal vulnerabilities
- Insecure permission checks: race conditions in permission checks, missing privilege validation, TOCTOU in file operations, weak access control implementations
- Environment-based escalation: environment variable manipulation, LD_PRELOAD/DT_RPATH abuse, PATH manipulation, IFS exploitation
- Resource manipulation: symlink attacks, hard link manipulation, file descriptor manipulation, /proc filesystem abuse
Output Format
Report with: id, type, subtype, severity, confidence, location, binary_info (path, setuid, setgid, owner), vulnerability, attack_path, exploitable, impact, mitigation.
Severity Guidelines
- CRITICAL: Direct path to root/admin access
- HIGH: Escalation to lower privileged user
- MEDIUM: Limited privilege escalation
- LOW: Information disclosure about privileges
See Also
patterns.md- Detailed detection patterns and exploitation scenariosexamples.md- Example analysis cases and code samplesreferences.md- CWE references and mitigation strategies
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
Didn't find tool you were looking for?