Open noproto opened 2 years ago
Notes:
execvp
(6), dlopen
(9), fopen
(15), fopen64
(16), and __open64_2
(46) hooks are enabled (test case: apt -y install sl && apt -y remove sl
), which the above stability conditions presently cover__open64_2
hook is triggered by Perl: calls __openat64_2(3, "urandom", 524288)
, where 3 is an fd to /dev and 524288 is O_RDONLY|O_CLOEXEC
(also covered by the above stability conditions)All dlopen
exceptions are deleted. execvp
exception narrowed to /usr/bin/apt
.
The execvp
issue may be identified. Environment set in Perl are not being passed to executed programs:
$ LD_PRELOAD=/path/to/libwhitebeam.so LD_AUDIT=/path/to/libwhitebeam.so LD_BIND_NOT=1 /usr/bin/perl -we 'local $ENV{EXAMPLE_ENV}="SET";exec "/usr/bin/printenv", "EXAMPLE_ENV";'
$ /usr/bin/perl -we 'local $ENV{EXAMPLE_ENV}="SET";exec "/usr/bin/printenv", "EXAMPLE_ENV";'
SET
execvp
disabled, issue not present:
$ echo 'UPDATE Hook SET enabled=0 WHERE symbol="execvp";' | whitebeam --load -
WhiteBeam: Loading SQL from standard input
$ LD_PRELOAD=/path/to/libwhitebeam.so LD_AUDIT=/path/to/libwhitebeam.so LD_BIND_NOT=1 /usr/bin/perl -we 'local $ENV{EXAMPLE_ENV}="SET";exec "/usr/bin/printenv", "EXAMPLE_ENV";'
SET
Reproducible outside of Perl:
$ LD_PRELOAD=/path/to/libwhitebeam.so LD_AUDIT=/path/to/libwhitebeam.so LD_BIND_NOT=1 /usr/bin/python3 -c 'import os;os.environ["EXAMPLE_ENV"]="SET";os.execvp("/usr/bin/printenv",["/usr/bin/printenv","EXAMPLE_ENV"]);'
$ /usr/bin/python3 -c 'import os;os.environ["EXAMPLE_ENV"]="SET";os.execvp("/usr/bin/printenv",["/usr/bin/printenv","EXAMPLE_ENV"]);'
SET
The following code block should be deleted by troubleshooting inconsistent behavior or glibc's linker profiling mode: https://github.com/WhiteBeamSec/WhiteBeam/blob/93d956c68fdc711c7813e58a28d68171d45bcfcf/src/library/platforms/linux/mod.rs#L273-L300
This issue can be broken down into three hooks:
curl 1.1.1.1
)