Bug fixes (10/20), WhiteBeam 0.2.3

CHANGELOG.md

@@ -7,13 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.3] - 2021-08-02
+
 ### Added
 
 - Improved baselines
+- Linux LD_PRELOAD/LD_AUDIT library: Support for mkdir/mkdirat hooks
+- Multi-architecture support, aarch64 (ARM64) builds
+- PrintArguments action
+
+### Changed
+
+- Updated to latest dependencies
 
 ### Fixed
 
-- Linux LD_PRELOAD/LD_AUDIT library: Poisoned mutexes in multithreaded programs
+- Linux LD_PRELOAD/LD_AUDIT library: Poisoned mutexes in multithreaded programs, misc. stability enhancements (10/20)
 
 ## [0.2.2] - 2021-05-12
 
@@ -44,22 +53,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
-- Project changelog
+- Commands to modify WhiteBeam settings, toggle hooks, and load SQL
+- Database-driven design
+- Hybrid hashing
 - Linux LD_PRELOAD/LD_AUDIT library: Generic hook
 - Linux LD_PRELOAD/LD_AUDIT library: Support for 40 hooks including Execution and Filesystem hooks
-- Database-driven design
-- Settings
-- Commands to modify WhiteBeam settings, toggle hooks, and load SQL
 - Modular action framework (compile time reflection), 12 actions
 - Modular hash framework (compile time reflection), added hashing algorithms (ARGON2ID, BLAKE3, SHA-3)
-- Hybrid hashing
+- Project changelog
 - Recovery secret
+- Settings
 
 ### Changed
 
+- Improved whitelisting system
 - Linux LD_PRELOAD/LD_AUDIT library: LD_AUDIT loader
 - Replaced SodiumOxide with pure Rust audited cryptography library (RustCrypto)
-- Improved whitelisting system
 - Updated to latest dependencies
 
 ### Removed
@@ -227,7 +236,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Project license
 
-[unreleased]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.2...HEAD
+[unreleased]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.3...HEAD
+[0.2.3]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.2...v0.2.3
 [0.2.2]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.1...v0.2.2
 [0.2.1]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.0...v0.2.1
 [0.2.0]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.1.3...v0.2.0

src/application/Cargo.toml

@@ -1,7 +1,7 @@
 # General info
 [package]
 name = "whitebeam"
-version = "0.2.2"
+version = "0.2.3"
 authors = ["WhiteBeam Security, Inc."]
 edition = "2018"
 

src/installer/Cargo.toml

@@ -1,7 +1,7 @@
 # General info
 [package]
 name = "whitebeam-installer"
-version = "0.2.2"
+version = "0.2.3"
 authors = ["WhiteBeam Security, Inc."]
 edition = "2018"
 

src/library/Cargo.toml

@@ -1,7 +1,7 @@
 # General info
 [package]
 name = "libwhitebeam"
-version = "0.2.2"
+version = "0.2.3"
 authors = ["WhiteBeam Security, Inc."]
 edition = "2018"
 

src/library/common/action/actions/split_file_path.rs

@@ -5,7 +5,11 @@ build_action! { SplitFilePath (_src_prog, hook, arg_id, args, do_return, return_
         let path_value = path_argument.real as *const libc::c_char;
         let path_osstring = unsafe { crate::common::convert::c_char_to_osstring(path_value) };
         let path_pathbuf: std::path::PathBuf = std::path::PathBuf::from(path_osstring);
-        let path_normal: std::path::PathBuf = crate::common::convert::normalize_path(&path_pathbuf);
+        let path_abspathbuf: std::path::PathBuf = match path_pathbuf.is_absolute() {
+            true => path_pathbuf,
+            false => std::env::current_dir().expect("WhiteBeam: Lost track of environment").join(path_pathbuf)
+        };
+        let path_normal: std::path::PathBuf = crate::common::convert::normalize_path(&path_abspathbuf);
         // TODO: Error handling
         let basename: &std::ffi::OsStr = (&path_normal).file_name().unwrap_or(&std::ffi::OsStr::new("."));
         let basename_cstring: Box<std::ffi::CString> = Box::new(crate::common::convert::osstr_to_cstring(basename).expect("WhiteBeam: Unexpected null reference"));

src/library/common/action/actions/verify_can_terminate.rs

@@ -1,5 +1,7 @@
 #[macro_use]
 build_action! { VerifyCanTerminate (src_prog, hook, arg_id, args, do_return, return_value) {
+        #[cfg(feature = "whitelist_test")]
+        return (hook, args, do_return, return_value);
         let pid_index = args.iter().position(|arg| arg.id == arg_id).expect("WhiteBeam: Lost track of environment");
         let pid: i32 = args[pid_index].clone().real as i32;
         let service_pid_string: String = std::fs::read_to_string(platform::get_data_file_path_string("whitebeam.pid")).expect("WhiteBeam: Lost track of environment");

src/library/common/action/mod.rs

@@ -54,7 +54,7 @@ pub fn process_action(src_prog: String, rule: db::RuleRow, hook: db::HookRow, ar
 pub fn process_post_action(_src_prog: String, hook_orig: db::HookRow, hook: db::HookRow, args: Vec<db::ArgumentRow>) -> (bool, isize) {
     let do_return = false;
     let return_value = 0 as isize;
-    // TODO: Replace below with post action framework (0.2.4)
+    // TODO: Replace below with post action framework (0.2.5)
     // TODO: May need fopen/fopen64 => fdopen
     match (hook_orig.symbol.as_ref(), hook.symbol.as_ref()) {
         ("symlink", "symlinkat") => {

src/library/common/convert.rs

@@ -7,7 +7,7 @@ use std::{ffi::CStr,
           os::unix::ffi::OsStrExt,
           os::unix::ffi::OsStringExt};
 
-// TODO: impl/trait? Extend types? .into()? 0.2.3
+// TODO: impl/trait? Extend types? .into()?
 
 pub unsafe fn c_char_to_osstring(char_ptr: *const c_char) -> OsString {
     match char_ptr.is_null() {

src/library/common/event.rs

@@ -23,9 +23,8 @@ fn get_timeout() -> u64 {
 }
 
 pub fn send_log_event(class: i64, log: String) {
-    if cfg!(feature = "whitelist_test") {
-        return;
-    }
+    #[cfg(feature = "whitelist_test")]
+    return;
     let log_level: i64 = match db::get_setting(String::from("LogVerbosity")).parse() {
         Ok(level) => level,
         // TODO: Log errors

src/library/tests/Cargo.toml

@@ -1,7 +1,7 @@
 # General info
 [package]
 name = "libwhitebeam-tests"
-version = "0.2.2"
+version = "0.2.3"
 authors = ["WhiteBeam Security, Inc."]
 edition = "2018"