-
Notifications
You must be signed in to change notification settings - Fork 202
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Known security issues #8
Comments
@mkow hello, is the security audit done by external security expert? |
Hi, depends what do you mean by "external". There were some non-gramine-developers doing parts of it, but they were employed by a company involved in this project. And some parts were done by the maintainers. |
kailun-qin
pushed a commit
to kailun-qin/gramine
that referenced
this issue
Oct 24, 2024
Rework ioctl implementaion
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This issue lists known security problems with Graphene. Everything we're aware of but didn't have time to fix yet should be listed here. We'll also need to resolve all of them before we can say we're ready for production.
I'll try to keep this list up-to-date.
Critical: (checked means "already fixed on master")
Update: @mkow did the review and made some fixups in [Docs] Ensure that insecure options are clearly marked as such graphene#2454.
Better sanitization of CPU topology information in sysfs ([LibOS/PAL] Sanitize /sysfs pseudo filesystem graphene#2105) - We forward a lot of information from untrusted host to the user application with only partial sanitization. User app may trust this data, as it thinks they are coming from the trusted OS kernel and so have exploitable bugs in the parsing logic.Update: This feature was hid under a feature flag and will be re-enabled after we implement proper sanitization. See [Pal,LibOS] Disable sysfs topology by default #135.
Update: Done in Strip confidential information from logs on "error" level (minimal version) graphene#2497.
Update: Done by @boryspoplawski with some consulting help from other maintainers.
All known issues were fixed (see [Pal/Linux-SGX] Detect signal stack overflow in "enclave_entry.S" #108). We should be fine for now, but we plan to rewrite this code anyways, to have more confidence in it :)
Probably not-so-critical: (or rather: we don't know any app which would be vulnerable because of these)
Update: I moved the hardening ideas to a separate issue: #54.
The text was updated successfully, but these errors were encountered: