Re: [RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM

On 7/9/2019 3:25 PM, Sean Christopherson wrote:
> On Tue, Jul 09, 2019 at 01:41:28PM -0700, Xing, Cedric wrote:
>> On 7/9/2019 10:09 AM, Sean Christopherson wrote:
>>> Translating those to SGX, with a lot of input from Stephen, I ended up
>>> with the following:
>>>
>>>    - FILE__ENCLAVE_EXECUTE: equivalent to FILE__EXECUTE, required to gain X
>>>                             on an enclave page loaded from a regular file
>>>
>>>    - PROCESS2__ENCLAVE_EXECDIRTY: hybrid of EXECMOD and EXECUTE+WRITE,
>>>                                   required to gain W->X on an enclave page
>>
>> EXECMOD basically indicates a file containing self-modifying code. Your
>> ENCLAVE_EXECDIRTY is however a process permission, which is illogical.
>
> How is it illogical?  If a PROCESS wants to EXECute a DIRTY ENCLAVE page,
> then it needs PROCESS2__ENCLAVE_EXECDIRTY
Just think of the purpose of FILE__EXECMOD. It indicates to the LSM that the file has self-modifying code, hence a W->X transition should be considered "normal" and allowed, regardless of which process that file is loaded into.

The same thing applies to enclaves here. Whether an enclave contains self-modifying code is specific to that enclave, regardless of which process it is loaded into.

But what you are doing is quite the opposite, and that's what I mean by "illogical".
