Crihexe/copy-fail-tiny-elf-CVE-2026-31431

Copy Fail Tiny ELF - CVE-2026-31431

Minimal 436-byte exploit for Copy Fail, thanks to the power of golfing.

Magic

This ELF ultra-golfs the exploit by being totally unmapped and rwx, and by conditionally using itself as the ELF payload that poisons the cache. More cursed ELF-internals golfs coming soon.

Have a better idea? Compete at https://copy.golf/

=== BEGIN SLOPPED PORTION ===

References

Requirements

  • Linux x86_64
  • gcc
  • ld
  • strip

On Debian/Ubuntu:

sudo apt install build-essential binutils

Nix Environment

The repository includes a pinned shell.nix and .envrc.

With nix-shell:

nix-shell

With direnv:

direnv allow

This provides the reproducible toolchain used here:

gcc 15.2.1
GNU ld / strip from llvmPackages_19.bintools
python3

Build

make

If you are using Nix or direnv, make will use the toolchain from the shell automatically.

Quick VM Test

You can also try the exploit inside a quick Ubuntu Server 24.04 LTS VM:

cd test-vm
./quick-test.sh

Check size

make size

Clean

make clean

Tested toolchain

gcc version 13.3.0 (Ubuntu 13.3.0-6ubuntu2~24.04.1)
GNU ld (GNU Binutils for Ubuntu) 2.42
GNU strip (GNU Binutils for Ubuntu) 2.42

Reproducible smaller build:

gcc 15.2.1
GNU ld 2.46
GNU strip with --strip-section-headers

Final size varies with GCC, binutils, and the strip implementation.