WhiteBeam icon indicating copy to clipboard operation
WhiteBeam copied to clipboard

Published 20 hours ago verified publisher icon WhiteBeamSec

Linux LD_PRELOAD/LD_AUDIT library: Missing program name

Open noproto opened this issue 3 years ago • 1 comments

Some executables are missing a name in log files and baselines (missing WB_PROG environment variable?).

Erroneous output:

| Detection: executed /usr/lib/ubuntu-advantage/apt-esm-hook (VerifyCanExecute) | 3 |
| Detection: accessed file with invalid file hash /usr/lib/ubuntu-advantage/apt-esm-hook (VerifyFileHash) | 3 |

Expected output:

| Detection: /opt/WhiteBeam/whitebeam executed /lib/x86_64-linux-gnu/libnss_dns.so.2 (la_objsearch)                                                              | 1     |
| Detection: /opt/WhiteBeam/whitebeam executed /lib/x86_64-linux-gnu/libnss_files.so.2 (la_objsearch)                                                            | 1     |

noproto avatar Oct 21 '21 02:10 noproto

Going to switch to getauxval of AT_EXECFN instead of using procfs, which should fix other issues too.

noproto avatar Dec 28 '21 06:12 noproto