New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Linux LD_PRELOAD/LD_AUDIT library: Missing program name #44

Open

noproto opened this issue Oct 21, 2021 · 1 comment

Labels

bug

Collaborator

noproto commented Oct 21, 2021

Some executables are missing a name in log files and baselines (missing WB_PROG environment variable?).

Erroneous output:

| Detection: executed /usr/lib/ubuntu-advantage/apt-esm-hook (VerifyCanExecute) | 3 |
| Detection: accessed file with invalid file hash /usr/lib/ubuntu-advantage/apt-esm-hook (VerifyFileHash) | 3 |

Expected output:

| Detection: /opt/WhiteBeam/whitebeam executed /lib/x86_64-linux-gnu/libnss_dns.so.2 (la_objsearch)                                                              | 1     |
| Detection: /opt/WhiteBeam/whitebeam executed /lib/x86_64-linux-gnu/libnss_files.so.2 (la_objsearch)                                                            | 1     |

The text was updated successfully, but these errors were encountered:

noproto added the bug label

Collaborator Author

noproto commented Dec 28, 2021

Going to switch to getauxval of AT_EXECFN instead of using procfs, which should fix other issues too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment