diff --git a/CHANGELOG.md b/CHANGELOG.md index ff33818..ae4bc23 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.2.6] - 2021-10-13 + +### Fixed + +- Linux LD_PRELOAD/LD_AUDIT library: Stability enhancements cont. + ## [0.2.5] - 2021-10-10 ### Added @@ -269,7 +275,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Project license -[unreleased]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.5...HEAD +[unreleased]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.6...HEAD +[0.2.6]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.5...v0.2.6 [0.2.5]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.4...v0.2.5 [0.2.4]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.3...v0.2.4 [0.2.3]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.2...v0.2.3 diff --git a/src/application/Cargo.toml b/src/application/Cargo.toml index e6655a7..3915608 100644 --- a/src/application/Cargo.toml +++ b/src/application/Cargo.toml @@ -1,7 +1,7 @@ # General info [package] name = "whitebeam" -version = "0.2.5" +version = "0.2.6" authors = ["WhiteBeam Security, Inc."] edition = "2018" diff --git a/src/installer/Cargo.toml b/src/installer/Cargo.toml index a7e1f8a..0890f33 100644 --- a/src/installer/Cargo.toml +++ b/src/installer/Cargo.toml @@ -1,7 +1,7 @@ # General info [package] name = "whitebeam-installer" -version = "0.2.5" +version = "0.2.6" authors = ["WhiteBeam Security, Inc."] edition = "2018" diff --git a/src/library/Cargo.toml b/src/library/Cargo.toml index 235bfec..83703ab 100644 --- a/src/library/Cargo.toml +++ b/src/library/Cargo.toml @@ -1,7 +1,7 @@ # General info [package] name = "libwhitebeam" -version = "0.2.5" +version = "0.2.6" authors = ["WhiteBeam Security, Inc."] edition = "2018" diff --git a/src/library/platforms/linux/mod.rs b/src/library/platforms/linux/mod.rs index c7cbbf5..7197e8b 100644 --- a/src/library/platforms/linux/mod.rs +++ b/src/library/platforms/linux/mod.rs @@ -270,27 +270,34 @@ unsafe extern "C" fn la_symbind64(sym: *const libc::Elf64_Sym, _ndx: libc::c_uin if (*refcook) == 0 { return (*(sym)).st_value as usize; } - // FIXME: Hacks various Python/rsyslog/dpkg/libcrypto issue(s): (python dlopen/dlopen/dlopen/openssl_fopen used by python/rsyslog/curl respectively) - if ((calling_library_basename_str == "libpam.so.0") && (symbol_str == "dlopen")) || - ((calling_library_basename_str == "libcrypto.so.1.1") && (symbol_str == "fopen64")) { - return (*(sym)).st_value as usize; - } - if symbol_str == "dlopen" { - if let Ok(exe) = std::env::current_exe() { - if let Ok(exe_string) = exe.into_os_string().into_string() { - if exe_string.starts_with("/usr/bin/python") || - exe_string == String::from("/usr/sbin/rsyslogd") || - exe_string == String::from("/usr/bin/perl") { return (*(sym)).st_value as usize; } + // FIXME: Stability exceptions + match symbol_str { + "dlopen" => { + if let Ok(exe) = std::env::current_exe() { + if let Ok(exe_string) = exe.into_os_string().into_string() { + if exe_string.starts_with("/usr/bin/python") || + exe_string == String::from("/usr/sbin/rsyslogd") || + exe_string == String::from("/usr/bin/perl") { return (*(sym)).st_value as usize; } + } } - } - } - if symbol_str == "execvp" { - if let Ok(exe) = std::env::current_exe() { - if let Ok(exe_string) = exe.into_os_string().into_string() { - if exe_string.starts_with("/usr/bin/apt") { return (*(sym)).st_value as usize; } + if calling_library_basename_str == "libpam.so.0" { + return (*(sym)).st_value as usize; + } + }, + "execvp" => { + if let Ok(exe) = std::env::current_exe() { + if let Ok(exe_string) = exe.into_os_string().into_string() { + if exe_string.starts_with("/usr/bin/apt") { return (*(sym)).st_value as usize; } + } + } + }, + "fopen64" => { + if calling_library_basename_str == "libcrypto.so.1.1" { + return (*(sym)).st_value as usize; } } - } + _ => () + }; { let hook_cache_lock = db::HOOK_CACHE.lock().expect("WhiteBeam: Failed to lock mutex"); // TODO: Use .find() instead @@ -302,7 +309,7 @@ unsafe extern "C" fn la_symbind64(sym: *const libc::Elf64_Sym, _ndx: libc::c_uin // Get some information ahead of time of what the redirected symbol/library will be let addr = match db::get_redirect(hook.id) { Some(redirected_function) => { resolve_symbol(&redirected_function.0, &redirected_function.1) }, - None => resolve_symbol(&hook.library, &hook.symbol) + None => (*(sym)).st_value as *const u8 }; crate::common::hook::FN_STACK.lock().unwrap().push((hook.id, addr as usize)); }; @@ -314,6 +321,10 @@ unsafe extern "C" fn la_symbind64(sym: *const libc::Elf64_Sym, _ndx: libc::c_uin } pub unsafe fn resolve_symbol(library: &str, symbol: &str) -> *const u8 { + // FIXME: dlmopen() issue with sshd on x86_64 + if symbol == "execve" { + return libc::execve as *const u8 + } let library_cstring: CString = CString::new(library).expect("WhiteBeam: Unexpected null reference"); let symbol_cstring: CString = CString::new(symbol).expect("WhiteBeam: Unexpected null reference"); let handle: *mut libc::c_void = libc::dlmopen(libc::LM_ID_BASE, library_cstring.as_ptr() as *const c_char, libc::RTLD_LAZY); diff --git a/src/library/tests/Cargo.toml b/src/library/tests/Cargo.toml index c8e46e9..715a036 100644 --- a/src/library/tests/Cargo.toml +++ b/src/library/tests/Cargo.toml @@ -1,7 +1,7 @@ # General info [package] name = "libwhitebeam-tests" -version = "0.2.5" +version = "0.2.6" authors = ["WhiteBeam Security, Inc."] edition = "2018"