Bugfixes (8/20)

WhiteBeamSec · Jun 20, 2021 · 4702f09 · 4702f09
1 parent a5649e2
commit 4702f09
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 11 deletions.
diff --git a/src/application/main.rs b/src/application/main.rs
@@ -35,6 +35,7 @@ fn valid_auth() -> Result<bool, Box<dyn Error>> {
 fn run_add(class: &OsStr, path: &OsStr, value: Option<&OsStr>) -> Result<(), Box<dyn Error>> {
     // TODO: Single argument shortcut whitelist creation
     // TODO: Warn when static is being whitelisted
+    // TODO: Warn when an executable is in a writable directory
     if !platform::is_superuser() { return Err("WhiteBeam: Insufficient privileges for database changes".into()); }
     if !valid_auth()? { return Err("WhiteBeam: Authorization failed".into()); }
     let conn: rusqlite::Connection = common::db::db_open(false)?;

diff --git a/src/library/common/action/actions/filter_environment.rs b/src/library/common/action/actions/filter_environment.rs
@@ -89,7 +89,10 @@ build_action! { FilterEnvironment (_src_prog, hook, arg_id, args, do_return, ret
             }
         };
         let mut env_vec: Vec<*const libc::c_char> = Vec::new();
-        let program_path: std::ffi::OsString = platform::canonicalize_fd(args[0].real as i32).expect("WhiteBeam: Lost track of environment").into_os_string();
+        let program_path: std::ffi::OsString = match (library, symbol) {
+            ("/lib/x86_64-linux-gnu/libc.so.6", "fexecve") => platform::canonicalize_fd(args[0].real as i32).expect("WhiteBeam: Lost track of environment").into_os_string(),
+            _ => unsafe { crate::common::convert::c_char_to_osstring(args[0].real as *const libc::c_char) }
+        };
         if update_ld_audit {
             // TODO: Log null reference, process errors
             let new_ld_audit_cstring: Box<std::ffi::CString> = Box::new(crate::common::convert::osstr_to_cstring(&new_ld_audit_var).expect("WhiteBeam: Unexpected null reference"));

diff --git a/src/library/common/action/actions/open_file_descriptor.rs b/src/library/common/action/actions/open_file_descriptor.rs
@@ -16,7 +16,6 @@ build_action! { OpenFileDescriptor (src_prog, hook, arg_id, args, do_return, ret
         let file_argument: crate::common::db::ArgumentRow = args[file_index].clone();
         let file_value = file_argument.real as *const libc::c_char;
         let flags: i32 = match (library, symbol) {
-            // Execution: handled by default case
             // Filesystem
             ("/lib/x86_64-linux-gnu/libc.so.6", "fopen") |
             ("/lib/x86_64-linux-gnu/libc.so.6", "fopen64") => {

diff --git a/src/library/common/action/actions/redirect_function.rs b/src/library/common/action/actions/redirect_function.rs
@@ -8,10 +8,9 @@ build_action! { RedirectFunction (_src_prog, hook, _arg_id, args, do_return, ret
             ("/lib/x86_64-linux-gnu/libc.so.6", "execle") |
             ("/lib/x86_64-linux-gnu/libc.so.6", "execlp") |
             ("/lib/x86_64-linux-gnu/libc.so.6", "execv") |
-            ("/lib/x86_64-linux-gnu/libc.so.6", "execve") |
             ("/lib/x86_64-linux-gnu/libc.so.6", "execvp") |
             ("/lib/x86_64-linux-gnu/libc.so.6", "execvpe") => {
-                String::from("fexecve")
+                String::from("execve")
             },
             // Filesystem
             ("/lib/x86_64-linux-gnu/libc.so.6", "truncate") |

diff --git a/src/library/common/action/actions/verify_can_execute.rs b/src/library/common/action/actions/verify_can_execute.rs
@@ -29,10 +29,11 @@ build_action! { VerifyCanExecute (src_prog, hook, arg_id, args, do_return, retur
                 }
                 unsafe { String::from(std::ffi::CStr::from_ptr(argument.real as *const libc::c_char).to_str().expect("WhiteBeam: Unexpected null reference")) }
             },
-            _ => {
+            ("/lib/x86_64-linux-gnu/libc.so.6", "fexecve") => {
                 let canonical_path = platform::canonicalize_fd(argument.real as i32).expect("WhiteBeam: Lost track of environment");
                 canonical_path.into_os_string().into_string().expect("WhiteBeam: Unexpected null reference")
-            }
+            },
+            _ => unsafe { String::from(std::ffi::CStr::from_ptr(argument.real as *const libc::c_char).to_str().expect("WhiteBeam: Unexpected null reference")) }
         };
         // Permit whitelisted executables
         if all_allowed_executables.iter().any(|executable| executable == &target_executable) {

diff --git a/src/library/common/action/actions/verify_file_hash.rs b/src/library/common/action/actions/verify_file_hash.rs
@@ -18,10 +18,13 @@ build_action! { VerifyFileHash (src_prog, hook, arg_id, args, do_return, return_
         let symbol: &str = &hook.symbol;
         let any = String::from("ANY");
         let class = String::from("Hash/");
-        let argument_path = {
-            let argument: crate::common::db::ArgumentRow = args.iter().find(|arg| arg.id == arg_id).expect("WhiteBeam: Lost track of environment").clone();
-            let canonical_path = platform::canonicalize_fd(argument.real as i32).expect("WhiteBeam: Lost track of environment");
-            canonical_path.into_os_string().into_string().expect("WhiteBeam: Unexpected null reference")
+        let argument: crate::common::db::ArgumentRow = args.iter().find(|arg| arg.id == arg_id).expect("WhiteBeam: Lost track of environment").clone();
+        let argument_path: String = match (library, symbol) {
+            ("/lib/x86_64-linux-gnu/libc.so.6", "fexecve") => {
+                let canonical_path = platform::canonicalize_fd(argument.real as i32).expect("WhiteBeam: Lost track of environment");
+                canonical_path.into_os_string().into_string().expect("WhiteBeam: Unexpected null reference")
+            },
+            _ => unsafe { String::from(std::ffi::CStr::from_ptr(argument.real as *const libc::c_char).to_str().expect("WhiteBeam: Unexpected null reference")) }
         };
         let all_allowed_hashes: Vec<(String, String)> = {
             let whitelist_cache_lock = crate::common::db::WL_CACHE.lock().expect("WhiteBeam: Failed to lock mutex");

diff --git a/src/library/platforms/linux/mod.rs b/src/library/platforms/linux/mod.rs
@@ -280,7 +280,7 @@ unsafe extern "C" fn generic_hook(mut arg1: usize, mut args: ...) -> isize {
     };
     let hooked_fn_zargs: unsafe extern "C" fn() -> isize = std::mem::transmute(fn_addr);
     let hooked_fn_margs: unsafe extern "C" fn(arg1: usize, args: ...) -> isize = std::mem::transmute(fn_addr);
-    let par_args: Vec<&db::ArgumentRow> = arg_vec.iter().filter(|arg| arg.parent.is_none()).collect();
+    let par_args: Vec<&db::ArgumentRow> = arg_vec.iter().filter(|arg| arg.parent.is_none()).collect(); // Parent arguments
     argc = par_args.len();
     let ret: isize = match argc {
         0 => hooked_fn_zargs(),