Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)

From: Andy Lutomirski
Date: Fri May 24 2019 - 15:34:02 EST

Next message: ira . weiny: "[PATCH RFC] mm/swap: make release_pages() and put_pages() match"
Previous message: Willem de Bruijn: "Re: [PATCH net 1/4] net/udp_gso: Allow TX timestamp with UDP GSO"
In reply to: Sean Christopherson: "Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)"
Next in thread: Xing, Cedric: "RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 24, 2019 at 12:13 PM Sean Christopherson
<sean.j.christopherson@xxxxxxxxx> wrote:
>
> On Fri, May 24, 2019 at 11:34:32AM -0700, Xing, Cedric wrote:
> > > From: linux-sgx-owner@xxxxxxxxxxxxxxx [mailto:linux-sgx-
> > > owner@xxxxxxxxxxxxxxx] On Behalf Of Sean Christopherson
> > > Sent: Friday, May 24, 2019 10:55 AM

> I don't see a fundamental difference between having RWX in an enclave and
> RWX in normal memory, either way the process can execute arbitrary code,
> i.e. PROCESS__EXECMEM is appropriate. Yes, an enclave will #UD on certain
> instructions, but that's easily sidestepped by having a trampoline in the
> host (marked RX) and piping arbitrary code into the enclave. Or using
> EEXIT to do a bit of ROP.

There's a difference, albeit a somewhat weak one, if sigstructs are
whitelisted. FILE__EXECMOD on
either /dev/sgx/enclave or on the sigstruct is not an entirely crazy
way to express this.

Next message: ira . weiny: "[PATCH RFC] mm/swap: make release_pages() and put_pages() match"
Previous message: Willem de Bruijn: "Re: [PATCH net 1/4] net/udp_gso: Allow TX timestamp with UDP GSO"
In reply to: Sean Christopherson: "Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)"
Next in thread: Xing, Cedric: "RE: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]