Module check_creds

Shared credential structure detection for privilege escalation analysis.

In normal Linux operation each process has its own struct cred (or shares it with its parent or its threads). When unrelated processes reference the same cred pointer, that is a strong indicator of privilege escalation: an exploit may have replaced a process’s cred pointer with another process’s (e.g. pointing it at init’s cred to gain root).
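The following is an added, self-contained illustration of the detection logic described above; it is not this crate's code and does not use `walk_check_creds` or `SharedCredInfo`. It assumes a minimal `Task` stand-in (pid, tgid, ppid, comm, cred address) constructed inline, where a real tool would read these fields from a memory image, and it treats threads of one process and direct parent/child pairs as the only expected cases of cred sharing, as the description states.

```rust
use std::collections::HashMap;

/// Minimal stand-in for the fields of a task_struct this check needs.
/// In a memory-forensics tool these come from the image being analysed;
/// here they are constructed in `sample_tasks` for illustration.
#[derive(Debug, Clone)]
pub struct Task {
    pub pid: u32,
    pub tgid: u32,
    pub ppid: u32,
    pub comm: &'static str,
    /// Kernel virtual address of the task's `struct cred`.
    pub cred: u64,
}

/// A cred pointer referenced by at least two tasks that are neither threads
/// of one process nor in a direct parent/child relationship.
#[derive(Debug, PartialEq, Eq)]
pub struct SharedCred {
    pub cred: u64,
    pub pids: Vec<u32>,
}

/// Threads of one process (same tgid) and a direct parent/child pair are the
/// cases in which sharing a cred is expected; any other pair is not.
fn related(a: &Task, b: &Task) -> bool {
    a.tgid == b.tgid || a.ppid == b.pid || b.ppid == a.pid
}

/// Group tasks by cred pointer and report every group that contains at least
/// one unrelated pair. Groups made up only of threads, or of a parent and its
/// children, are treated as benign and not reported.
pub fn find_shared_creds(tasks: &[Task]) -> Vec<SharedCred> {
    let mut by_cred: HashMap<u64, Vec<&Task>> = HashMap::new();
    for t in tasks {
        by_cred.entry(t.cred).or_default().push(t);
    }
    let mut findings = Vec::new();
    for (cred, group) in by_cred {
        if group.len() < 2 {
            continue;
        }
        let has_unrelated_pair = group
            .iter()
            .enumerate()
            .any(|(i, a)| group[i + 1..].iter().any(|b| !related(a, b)));
        if has_unrelated_pair {
            let mut pids: Vec<u32> = group.iter().map(|t| t.pid).collect();
            pids.sort_unstable();
            findings.push(SharedCred { cred, pids });
        }
    }
    findings.sort_by_key(|f| f.cred);
    findings
}

/// Constructed task list (not real image data): a normal process tree plus one
/// process whose cred pointer has been redirected to init's cred, which is the
/// pattern the check is designed to catch.
pub fn sample_tasks() -> Vec<Task> {
    vec![
        Task { pid: 1, tgid: 1, ppid: 0, comm: "init", cred: 0xffff_8881_0000_1a00 },
        Task { pid: 100, tgid: 100, ppid: 1, comm: "sshd", cred: 0xffff_8881_0000_2b00 },
        Task { pid: 200, tgid: 200, ppid: 100, comm: "bash", cred: 0xffff_8881_0000_3c00 },
        // A thread of bash: same tgid and same cred, which is expected.
        Task { pid: 201, tgid: 200, ppid: 100, comm: "bash", cred: 0xffff_8881_0000_3c00 },
        // Unrelated process referencing init's cred: this one is flagged.
        Task { pid: 300, tgid: 300, ppid: 200, comm: "suspect", cred: 0xffff_8881_0000_1a00 },
    ]
}

fn main() {
    for f in find_shared_creds(&sample_tasks()) {
        println!("cred {:#x} shared by unrelated pids {:?}", f.cred, f.pids);
    }
}
```

On the constructed input the only finding is init's cred address shared by pids 1 and 300; the bash thread pair is grouped but suppressed because both tasks have the same tgid. The pairwise `related` check is what keeps the false-positive rate manageable on a real image, where every multi-threaded process would otherwise be reported.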

Re-exports

pub use crate::heuristics::classify_shared_creds;

Structs

SharedCredInfo
Information about a process whose struct cred is shared with other unrelated processes.

Functions

walk_check_creds
Walk all tasks and detect shared struct cred pointers.