[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCETrWDLX68Vi4=9Dicq9ATmJ5mv36bzrc02heNYaHaBeWumQ@mail.gmail.com>
Date: Tue, 24 Sep 2019 10:20:09 -0700
From: Andy Lutomirski <luto@...nel.org>
To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc: Dave Hansen <dave.hansen@...el.com>,
LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>,
linux-sgx@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
"Christopherson, Sean J" <sean.j.christopherson@...el.com>,
nhorman@...hat.com, npmccallum@...hat.com,
"Ayoun, Serge" <serge.ayoun@...el.com>,
"Katz-zamir, Shay" <shay.katz-zamir@...el.com>,
"Huang, Haitao" <haitao.huang@...el.com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
"Svahn, Kai" <kai.svahn@...el.com>, Borislav Petkov <bp@...en8.de>,
Josh Triplett <josh@...htriplett.org>,
Andrew Lutomirski <luto@...nel.org>,
"Huang, Kai" <kai.huang@...el.com>,
David Rientjes <rientjes@...gle.com>,
"Xing, Cedric" <cedric.xing@...el.com>
Subject: Re: [PATCH v22 00/24] Intel SGX foundations
> On Sep 15, 2019, at 10:24 PM, Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com> wrote:
>
> On Sat, Sep 14, 2019 at 08:32:38AM -0700, Dave Hansen wrote:
>>>> On 9/14/19 6:41 AM, Jarkko Sakkinen wrote:
>>>> The proposed LSM hooks give the granularity to make yes/no decision
>>>> based on the
>>>> * The origin of the source of the source for the enclave.
>>>> * The requested permissions for the added or mapped peage.
>>>> The hooks to do these checks are provided for mmap() and EADD
>>>> operations.
>>>> With just file permissions you can still limit mmap() by having a
>>>> privileged process to build the enclaves and pass the file descriptor
>>>> to the enclave user who can mmap() the enclave within the constraints
>>>> set by the enclave pages (their permissions refine the roof that you
>>>> can mmap() any memory range within an enclave).
>> The LSM hooks are presumably fixing a problem that these patches
>> introduce. What's that problem?
>
> I've seen the claims that one would have to degrade one's LSM policy but
> I don't think that is true.
>
> With just UNIX permissions you have probably have to restrict the access
> to /dev/sgx/enclave to control who can build enclaves. The processes who
> do not have this privilege can mmap() the enclave once they get the file
> descriptor through forking or SCM_RIGHTS.
As the person who originally raised the issue, I feel like I should
rehash the issue:
Right now, using SELinux or probably other LSMs, it's straightforward
to prevent programs from having any executable pages whose contents
doesn't come from an approved (e.g. appropriately labeled) source.
With /dev/sgx/enclave, at least as initially designed, a process that
can open /dev/sgx/enclave can execute whatever bytes they want by
sticking them into an enclave. I fully expect that people will want
to combine these things: have unprivileged users run only
admin-approved code but *also* allow unprivileged users to run
enclaves.
> *If anything*, I would rather investigate possibility to use keyring for
> enclave signer's public keys or perhaps having extended attribute for
> the signer (SHA256) in the enclave file that could be compared during
> the EINIT.
The latter is very much like the labeled-enclave-file thing we talked about.
>
> I think either can be considered post-upstreaming.
Indeed, as long as the overall API is actually compatible with these
types of restrictions.
Powered by blists - more mailing lists