From aa1dd5cebbd8e38337daccd06367fe5fdd6bd3ec Mon Sep 17 00:00:00 2001
From: Nathan Nye
Date: Sun, 10 Oct 2021 02:55:59 +0000
Subject: [PATCH] WhiteBeam 0.2.5: Stability enhancements
---
 src/library/common/action/actions/add_int.rs | 2 ++
 src/library/platforms/linux/mod.rs | 12 +++++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/library/common/action/actions/add_int.rs b/src/library/common/action/actions/add_int.rs
index d22c9c6..dcb6052 100644
--- a/src/library/common/action/actions/add_int.rs
+++ b/src/library/common/action/actions/add_int.rs
@@ -18,6 +18,8 @@ build_action! { AddInt (_src_prog, hook, _arg_id, args, _act_args, do_return, re
 _ => 0
 } as usize;
 let position = match (library_basename, symbol) {
+ // Execution
+ ("libdl.so.2", "dlopen") => 0,
 // Filesystem
 ("libc.so.6", "creat") |
 ("libc.so.6", "creat64") => {
diff --git a/src/library/platforms/linux/mod.rs b/src/library/platforms/linux/mod.rs
index 982c7ba..ef31b56 100644
--- a/src/library/platforms/linux/mod.rs
+++ b/src/library/platforms/linux/mod.rs
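Review bot: The new arm in the `position` match selects `dlopen` only under the basename `libdl.so.2`, but glibc 2.34 and later export `dlopen` from `libc.so.6`. On those systems the arm would presumably not be selected, and the match falls through to whichever arm follows outside the hunk. If hooks for this symbol can be registered against `libc.so.6`, the arm could read `("libdl.so.2", "dlopen") | ("libc.so.6", "dlopen") => 0,`. A one-line comment stating what position `0` refers to for `dlopen` would also make the constant reviewable. The match and the `build_action!` body start and end outside the hunk.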
@@ -270,11 +270,17 @@ unsafe extern "C" fn la_symbind64(sym: *const libc::Elf64_Sym, _ndx: libc::c_uin
 if (*refcook) == 0 {
 return (*(sym)).st_value as usize;
 }
- // FIXME: Hack around libpam/libcrypto issue: pattern of custom implementations of libc functions? (python dlopen/_pam_dlopen/openssl_fopen used by python/sshd/curl)
- if ((calling_library_basename_str == "libpam.so.0") && (symbol_str == "dlopen")) ||
- ((calling_library_basename_str == "libcrypto.so.1.1") && (symbol_str == "fopen64")) {
+ // FIXME: Hacks around Python/libcrypto issue: (python dlopen/openssl_fopen used by python/curl)
+ if (calling_library_basename_str == "libcrypto.so.1.1") && (symbol_str == "fopen64") {
 return (*(sym)).st_value as usize;
 }
+ if symbol_str == "dlopen" {
+ if let Ok(exe) = std::env::current_exe() {
+ if let Ok(exe_string) = exe.into_os_string().into_string() {
+ if exe_string.starts_with("/usr/bin/python") { return (*(sym)).st_value as usize; }
+ }
+ }
+ }
 {
 let hook_cache_lock = db::HOOK_CACHE.lock().expect("WhiteBeam: Failed to lock mutex");
 // TODO: Use .find() instead
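Review bot: The new `dlopen` exemption is keyed only on the executable path, so in any process whose `current_exe()` begins with `/usr/bin/python` every `dlopen` binding returns `st_value` before the `HOOK_CACHE` lookup below is reached, whichever library is calling. The exemption it replaces was limited to calls from `libpam.so.0`. `starts_with` is also a bare prefix test, so it accepts any other binary name sharing that prefix, not only versioned interpreters. Constraining the remainder would narrow it, e.g. `if exe_string.strip_prefix("/usr/bin/python").map_or(false, |v| v.chars().all(|c| c.is_ascii_digit() || c == '.')) { return (*(sym)).st_value as usize; }`. The FIXME should also say explicitly that `dlopen` calls made inside Python bypass the hook while this workaround is in place; la_symbind64's body starts and ends outside the hunk.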