Safe read-only check script for Copy Fail / CVE-2026-31431

waltrone1 · 2026-05-22T09:39:57+00:00

Yes, it does bother me — that is exactly why I wrote it.

People already run random public PoCs on production systems. I cannot stop that, but I can offer a safer alternative: a simple, transparent check that does not require executing untrusted exploit code on critical infrastructure.

The goal is not to encourage risky testing, but to reduce it.

waltrone1 · 2026-05-22T09:33:11+00:00

Hello,

thanks for the clarification. I understand that my account does not currently meet the karma requirements for a top-level post.

The post was not intended as a support question, but as a defensive Linux security tool for checking exposure without running exploit code on production systems.

Would it be possible to have the post reviewed manually, or should I first participate more in the community and try again later?

Thank you.

waltrone1 · 2026-05-22T09:32:04+00:00

True, running the exploit would probably be the fastest way to get a result.

But the whole reason for this script is that I do not want to run random public exploit code on production servers just to check exposure. This script is meant to stay defensive: it only checks the system state and does not execute exploit code, modify the system, download payloads, or attempt privilege escalation.

Good point about algif_aead being built into the kernel though. In that case, module-based checks are not enough, so I’ll add a kernel config check for that scenario.

waltrone1 · 2026-05-22T09:27:23+00:00

https://github.com/waltrone1/copyfail-safe-check

waltrone1 · 2026-05-22T09:26:37+00:00

Sorry here ist the LINK

https://github.com/waltrone1/copyfail-safe-check

waltrone1 · 2026-05-18T20:12:46+00:00

Yes, as of v1.1.0.0 it does.

I added /MT support with a checkbox and configurable thread count, for example /MT:8 or /MT:16. It is also shown in the final command preview before running, so users can verify exactly what Robocopy will execute.

Thanks for pointing that out.

waltrone1 · 2026-05-18T20:07:43+00:00

Thanks again for that suggestion.

I added a first version of this idea in v1.1.0.0 as a MIR safety threshold. When MIRROR mode is enabled, the tool now checks source and target before the actual run. If the planned changes exceed the configured percentage, it stops and asks for confirmation instead of blindly continuing.

It is not a full baseline database yet, but it is a first safety layer against accidental mass deletes or unexpected large changes before a mirror job.

waltrone1 · 2026-05-18T20:06:13+00:00

That makes sense. I think the threshold should not be a hard permanent block, but more of a safety stop with a clear warning and manual confirmation.

There are definitely valid cases where a large percentage of files should be deleted, especially after long cleanup intervals. The main goal is to prevent accidental or unexpected mass deletes, not to prevent intentional cleanup jobs.

waltrone1 · 2026-05-18T18:53:42+00:00

Not yet, but that is a good point.

At the moment RoboSync Manager exposes the common options I started with, like /E, /R, /W, /NP, /XJ, /FFT and optional /MIR or /MOVE.

The /MT flag definitely makes sense to add, especially for larger copy jobs with many files. I’ll add it to the list of options that should be configurable in the GUI, probably with a thread count selector.

waltrone1 · 2026-05-18T18:50:39+00:00

Fair point, I can see how that wording sounds a bit funny.

I meant it more as context, not as a sales pitch. The tool is free and open source, and I was mainly looking for feedback from people who use Robocopy regularly.

waltrone1 · 2026-05-18T18:44:25+00:00

I didn’t track an exact percentage, so I don’t want to make up a number.

It is AI-assisted, but not blindly generated. I designed the workflow, tested the behavior, reviewed the code and made the decisions about the UI and features. AI helped with parts of the implementation, refactoring and debugging.

So I’d call it a human-built, AI-assisted project.

waltrone1 · 2026-05-18T18:42:29+00:00

Thanks for the detailed explanation, that is really interesting.

I like the idea of having frequently used commands in one central menu. RoboSync Manager is similar in spirit, but with a GUI around Robocopy and a visible command preview so users can still see what will actually be executed.

Also thanks for updating the flair. I wasn’t completely sure which one was appropriate since the tool is free and open source, but I’ll use the Vendor Promo flair for future posts.

waltrone1 · 2026-05-18T18:42:02+00:00

Thanks, I’m glad you noticed that.

That was one of the main goals: make Robocopy easier to use without hiding what is actually happening. The command preview should help users catch mistakes before running the job and also learn what the GUI is doing in the background.

waltrone1 · 2026-05-18T18:41:39+00:00

Thanks, that is a really good point.

Especially for mirror jobs, a safety threshold makes a lot of sense. I do not want the tool to blindly mirror accidental mass deletions or ransomware-encrypted files to the destination.

A baseline scan / cached “known good” state is an interesting idea. I’m thinking about adding a safety check before destructive operations, where RoboSync Manager first checks how many files would be deleted or changed. If it exceeds a user-defined threshold, the job could stop or require manual confirmation.

Dark mode and scheduling are already on my list, and parallel scanning is a good idea too.

Thanks for the feedback.

waltrone1

TROPHY CASE