From e6e05a1693c7aa3c9917220125796511b6dc57d4 Mon Sep 17 00:00:00 2001
From: Nathan Nye
Date: Mon, 2 Aug 2021 00:09:01 -0400
Subject: [PATCH] Bug fixes (10/20), WhiteBeam 0.2.3
---
 CHANGELOG.md | 26 +++++++++++++------
 src/application/Cargo.toml | 2 +-
 src/installer/Cargo.toml | 2 +-
 src/library/Cargo.toml | 2 +-
 .../common/action/actions/split_file_path.rs | 6 ++++-
 .../action/actions/verify_can_terminate.rs | 2 ++
 src/library/common/action/mod.rs | 2 +-
 src/library/common/convert.rs | 2 +-
 src/library/common/event.rs | 5 ++--
 src/library/tests/Cargo.toml | 2 +-
 10 files changed, 33 insertions(+), 18 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3b7f8dc..5ed5c54 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,13 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [0.2.3] - 2021-08-02
+
 ### Added
 - Improved baselines
+- Linux LD_PRELOAD/LD_AUDIT library: Support for mkdir/mkdirat hooks
+- Multi-architecture support, aarch64 (ARM64) builds
+- PrintArguments action
+
+### Changed
+
+- Updated to latest dependencies
 ### Fixed
-- Linux LD_PRELOAD/LD_AUDIT library: Poisoned mutexes in multithreaded programs
+- Linux LD_PRELOAD/LD_AUDIT library: Poisoned mutexes in multithreaded programs, misc. stability enhancements (10/20)
 ## [0.2.2] - 2021-05-12
@@ -44,22 +53,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
-- Project changelog
+- Commands to modify WhiteBeam settings, toggle hooks, and load SQL
+- Database-driven design
+- Hybrid hashing
 - Linux LD_PRELOAD/LD_AUDIT library: Generic hook
 - Linux LD_PRELOAD/LD_AUDIT library: Support for 40 hooks including Execution and Filesystem hooks
-- Database-driven design
-- Settings
-- Commands to modify WhiteBeam settings, toggle hooks, and load SQL
 - Modular action framework (compile time reflection), 12 actions
 - Modular hash framework (compile time reflection), added hashing algorithms (ARGON2ID, BLAKE3, SHA-3)
-- Hybrid hashing
+- Project changelog
 - Recovery secret
+- Settings
 ### Changed
+- Improved whitelisting system
 - Linux LD_PRELOAD/LD_AUDIT library: LD_AUDIT loader
 - Replaced SodiumOxide with pure Rust audited cryptography library (RustCrypto)
-- Improved whitelisting system
 - Updated to latest dependencies
 ### Removed
@@ -227,7 +236,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Project license
-[unreleased]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.2...HEAD
+[unreleased]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.3...HEAD
+[0.2.3]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.2...v0.2.3
 [0.2.2]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.1...v0.2.2
 [0.2.1]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.2.0...v0.2.1
 [0.2.0]: https://github.com/WhiteBeamSec/WhiteBeam/compare/v0.1.3...v0.2.0
diff --git a/src/application/Cargo.toml b/src/application/Cargo.toml
index dfccfe7..cc14ad3 100644
--- a/src/application/Cargo.toml
+++ b/src/application/Cargo.toml
@@ -1,7 +1,7 @@
 # General info
 [package]
 name = "whitebeam"
-version = "0.2.2"
+version = "0.2.3"
 authors = ["WhiteBeam Security, Inc."]
 edition = "2018"
diff --git a/src/installer/Cargo.toml b/src/installer/Cargo.toml
index 3be7583..d0b1067 100644
--- a/src/installer/Cargo.toml
+++ b/src/installer/Cargo.toml
@@ -1,7 +1,7 @@
 # General info
 [package]
 name = "whitebeam-installer"
-version = "0.2.2"
+version = "0.2.3"
 authors = ["WhiteBeam Security, Inc."]
 edition = "2018"
diff --git a/src/library/Cargo.toml b/src/library/Cargo.toml
index f7c18f8..2793eb5 100644
--- a/src/library/Cargo.toml
+++ b/src/library/Cargo.toml
@@ -1,7 +1,7 @@
 # General info
 [package]
 name = "libwhitebeam"
-version = "0.2.2"
+version = "0.2.3"
 authors = ["WhiteBeam Security, Inc."]
 edition = "2018"
diff --git a/src/library/common/action/actions/split_file_path.rs b/src/library/common/action/actions/split_file_path.rs
index 1f70ef0..1daefd8 100644
--- a/src/library/common/action/actions/split_file_path.rs
+++ b/src/library/common/action/actions/split_file_path.rs
@@ -5,7 +5,11 @@ build_action! { SplitFilePath (_src_prog, hook, arg_id, args, do_return, return_
 let path_value = path_argument.real as *const libc::c_char;
 let path_osstring = unsafe { crate::common::convert::c_char_to_osstring(path_value) };
 let path_pathbuf: std::path::PathBuf = std::path::PathBuf::from(path_osstring);
- let path_normal: std::path::PathBuf = crate::common::convert::normalize_path(&path_pathbuf);
+ let path_abspathbuf: std::path::PathBuf = match path_pathbuf.is_absolute() {
+ true => path_pathbuf,
+ false => std::env::current_dir().expect("WhiteBeam: Lost track of environment").join(path_pathbuf)
+ };
+ let path_normal: std::path::PathBuf = crate::common::convert::normalize_path(&path_abspathbuf);
 // TODO: Error handling
 let basename: &std::ffi::OsStr = (&path_normal).file_name().unwrap_or(&std::ffi::OsStr::new("."));
 let basename_cstring: Box = Box::new(crate::common::convert::osstr_to_cstring(basename).expect("WhiteBeam: Unexpected null reference"));
diff --git a/src/library/common/action/actions/verify_can_terminate.rs b/src/library/common/action/actions/verify_can_terminate.rs
index 0865074..ec82209 100644
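Review bot: In split_file_path.rs the new `false` arm calls `std::env::current_dir().expect("WhiteBeam: Lost track of environment")`, which panics inside the hooked process whenever the working directory cannot be read, for example after it has been removed. In a preloaded library that turns a relative path argument into a panic in the host program rather than an error return; matching on the result and leaving the action early, e.g. `Err(_) => return (hook, args, true, -1),`, would avoid it, assuming that tuple is how an action reports failure (its shape is taken from verify_can_terminate.rs, the values are a guess). Joining onto the cwd is also only correct for calls the kernel resolves against the cwd: if this action is attached to `*at` hooks that pass a directory descriptor other than `AT_FDCWD`, the path that gets normalized and split is not the one the call will act on, so that case needs a check or at least a comment. The build_action body starts before and ends after the hunk.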
--- a/src/library/common/action/actions/verify_can_terminate.rs
+++ b/src/library/common/action/actions/verify_can_terminate.rs
@@ -1,5 +1,7 @@
 #[macro_use]
 build_action! { VerifyCanTerminate (src_prog, hook, arg_id, args, do_return, return_value) {
+ #[cfg(feature = "whitelist_test")]
+ return (hook, args, do_return, return_value);
 let pid_index = args.iter().position(|arg| arg.id == arg_id).expect("WhiteBeam: Lost track of environment");
 let pid: i32 = args[pid_index].clone().real as i32;
 let service_pid_string: String = std::fs::read_to_string(platform::get_data_file_path_string("whitebeam.pid")).expect("WhiteBeam: Lost track of environment");
diff --git a/src/library/common/action/mod.rs b/src/library/common/action/mod.rs
index d869449..d65db5f 100644
--- a/src/library/common/action/mod.rs
+++ b/src/library/common/action/mod.rs
@@ -54,7 +54,7 @@ pub fn process_action(src_prog: String, rule: db::RuleRow, hook: db::HookRow, ar
 pub fn process_post_action(_src_prog: String, hook_orig: db::HookRow, hook: db::HookRow, args: Vec) -> (bool, isize) {
 let do_return = false;
 let return_value = 0 as isize;
- // TODO: Replace below with post action framework (0.2.4)
+ // TODO: Replace below with post action framework (0.2.5)
 // TODO: May need fopen/fopen64 => fdopen
 match (hook_orig.symbol.as_ref(), hook.symbol.as_ref()) {
 ("symlink", "symlinkat") => {
diff --git a/src/library/common/convert.rs b/src/library/common/convert.rs
index 7a77d1f..08ddd8d 100644
--- a/src/library/common/convert.rs
+++ b/src/library/common/convert.rs
@@ -7,7 +7,7 @@ use std::{ffi::CStr, os::unix::ffi::OsStrExt, os::unix::ffi::OsStringExt};
-// TODO: impl/trait? Extend types? .into()? 0.2.3
+// TODO: impl/trait? Extend types? .into()?
 pub unsafe fn c_char_to_osstring(char_ptr: *const c_char) -> OsString {
 match char_ptr.is_null() {
diff --git a/src/library/common/event.rs b/src/library/common/event.rs
index 18ea1c2..8300d80 100644
--- a/src/library/common/event.rs
+++ b/src/library/common/event.rs
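Review bot: The `#[cfg(feature = "whitelist_test")] return (hook, args, do_return, return_value);` added at the top of VerifyCanTerminate in verify_can_terminate.rs compiles the whole termination check out, and nothing visible here prevents a build with that feature from being installed. Cargo features are additive across a dependency graph, so a single crate enabling `whitelist_test` on the library disables the check for every consumer in that build; send_log_event in event.rs is gated the same way and then emits no log events at all. I would state the intent next to the attribute, `// Test-only bypass: whitelist_test disables this check; never enable it in shipped builds`, and consider a build-time guard such as `#[cfg(all(feature = "whitelist_test", not(debug_assertions)))] compile_error!("whitelist_test must not be enabled in release builds");`, provided the test suite is not itself built in release mode. The build_action body continues past the end of the hunk.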
@@ -23,9 +23,8 @@ fn get_timeout() -> u64 {
 }
 pub fn send_log_event(class: i64, log: String) {
- if cfg!(feature = "whitelist_test") {
- return;
- }
+ #[cfg(feature = "whitelist_test")]
+ return;
 let log_level: i64 = match db::get_setting(String::from("LogVerbosity")).parse() {
 Ok(level) => level,
 // TODO: Log errors
diff --git a/src/library/tests/Cargo.toml b/src/library/tests/Cargo.toml
index c68c3f6..b166098 100644
--- a/src/library/tests/Cargo.toml
+++ b/src/library/tests/Cargo.toml
@@ -1,7 +1,7 @@
 # General info
 [package]
 name = "libwhitebeam-tests"
-version = "0.2.2"
+version = "0.2.3"
 authors = ["WhiteBeam Security, Inc."]
 edition = "2018"
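Review bot: With `whitelist_test` enabled, the bare `#[cfg(feature = "whitelist_test")] return;` in send_log_event (event.rs) leaves everything after it as dead code, so that build now reports `unreachable_code` starting at the `let log_level` statement, which the `if cfg!(…) { return; }` form it replaces did not. The early return added to verify_can_terminate.rs in this commit has the same effect. If the attribute form is preferred, mark the expected lint on the function with `#[cfg_attr(feature = "whitelist_test", allow(unreachable_code))]` so a warnings-as-errors test build keeps passing. send_log_event continues past the end of the hunk.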