[RFC PATCH v4 00/12] security: x86/sgx: SGX vs. LSM
Xing, Cedric
cedric.xing at intel.com
Tue Jul 9 23:11:08 UTC 2019
On 7/9/2019 3:25 PM, Sean Christopherson wrote:
> On Tue, Jul 09, 2019 at 01:41:28PM -0700, Xing, Cedric wrote:
>> On 7/9/2019 10:09 AM, Sean Christopherson wrote:
>>> Translating those to SGX, with a lot of input from Stephen, I ended up
>>> with the following:
>>>
>>> - FILE__ENCLAVE_EXECUTE: equivalent to FILE__EXECUTE, required to gain X
>>> on an enclave page loaded from a regular file
>>>
>>> - PROCESS2__ENCLAVE_EXECDIRTY: hybrid of EXECMOD and EXECUTE+WRITE,
>>> required to gain W->X on an enclave page
>>
>> EXECMOD basically indicates a file containing self-modifying code. Your
>> ENCLAVE_EXECDIRTY is however a process permission, which is illogical.
>
> How is it illogical? If a PROCESS wants to EXECute a DIRTY ENCLAVE page,
> then it needs PROCESS2__ENCLAVE_EXECDIRTY
Just think of the purpose of FILE__EXECMOD. It indicates to LSM the file
has self-modifying code, hence W->X transition should be considered
"normal" and allowed, regardless of which process that file is loaded into.
The same thing for enclaves here. Whether an enclave contains
self-modifying code is specific to that enclave, regardless of which
process it is loaded into.
But what you are doing is quite the opposite, and that's what I mean by
"illogical".