jethrogb
commented
4 years ago Can you link to the patches?
Closed MikeCamel closed 5 months ago
jethrogb
commented
4 years ago Can you link to the patches?
npmccallum
commented
4 years ago There is not currently a patch. One needs to be made.
The Intel SGX SDK implements a library that is preloaded to override the ptrace() and waitpid() functions in order to make ptrace work in enclaves. The Open Enclave SDK does the same thing with their own code.
Rather than overriding symbols in glibc, we should just patch glibc.
dthaler
commented
4 years ago Notes from June 25 TAC meeting: Three mentors here are in sync. This issue is a good example of the TAC providing coordination between projects. We are waiting until there is some code fix upstream to close this issue.
Currently, Intel SDK and Open Enclave SDK maintain libraries which override symbols in glibc for SGX enclave debugging purposes. Enarx is also implementing its debugging setup now and needs this functionality. It would seem to make sense to consolidate these and merge them upstream to glibc.
Therefore, we propose that the TAC coordination with members from each project to facilitate this collaboration.
Enarx is happy to host the consolidated glibc patchset in a custom build of glibc for Fedora to allow user testing until full merge. We believe that it would be very helpful to get these changes prepared for merge into glibc BEFORE the SGX patches land in the Linux kernel. That way once the Linux patches are merged we can immediately propose mature, tested patches to upstream glibc.