pub fn classify_shared_creds(pid: u32, shared_with: &[u32], uid: u32) -> boolExpand description
Classify whether shared struct cred pointers indicate credential theft.
Returns true when a non-kernel-thread shares credentials with init (PID 1)
or when unrelated processes share credentials.