Linux LD_PRELOAD/LD_AUDIT library: Permission denied with path in Detection mode #32

noproto · 2021-10-14T02:27:05Z

Files that do not exist are improperly returning "Permission denied" instead of "No such file or directory".

Erroneous output:

root@host:~# /example
WhiteBeam: /example: Permission denied
root@host:~# ./example
WhiteBeam: ./example: Permission denied

In syslog:

| Detection: /usr/bin/bash executed ./example (VerifyCanExecute)                                                                       | 1     |
| Detection: /usr/bin/bash executed /example (VerifyCanExecute)                                                                        | 1     |

Expected output:

root@host:~# /example
-bash: /example: No such file or directory
root@host:~# ./example
-bash: ./example: No such file or directory

(No syslog lines)

This is an issue in one of the Actions used by the Execution hooks provided by the Essential whitelist.

The text was updated successfully, but these errors were encountered:

noproto · 2021-10-14T02:30:44Z

Causes service --status-all to return WhiteBeam: /usr/local/sbin/grep: Permission denied on each line.
Also: zcat with gzip's path.

noproto added bug Something isn't working good first issue Good for newcomers labels Oct 14, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Linux LD_PRELOAD/LD_AUDIT library: Permission denied with path in Detection mode #32

Linux LD_PRELOAD/LD_AUDIT library: Permission denied with path in Detection mode #32

noproto commented Oct 14, 2021 •

edited

noproto commented Oct 14, 2021 •

edited

Linux LD_PRELOAD/LD_AUDIT library: Permission denied with path in Detection mode #32

Linux LD_PRELOAD/LD_AUDIT library: Permission denied with path in Detection mode #32

Comments

noproto commented Oct 14, 2021 • edited

noproto commented Oct 14, 2021 • edited

noproto commented Oct 14, 2021 •

edited

noproto commented Oct 14, 2021 •

edited