Closed tsadowsk closed 7 months ago
Yes.
https://gramine.readthedocs.io/en/stable/manifest-syntax.html#command-line-arguments https://gramine.readthedocs.io/en/stable/manifest-syntax.html#environment-variables
Typically you would want to hard-code the exact cmdline arguments and environment variables, otherwise the malicious host could inject wrong/malformed/insecure cmdline args and envvars.
However, it is not always possible, so for envvars we also have loader.env.[ENVIRON] = { passthrough = true }
syntax. This should be used only when you're sure that this particular envvar has no security implications on the application behavior (i.e., it cannot be misused by the malicious host).
Unfortunately, there is no simple way to allow a known-to-be-good subset of cmdline args, so you either just hard-code a single set of cmdline args, or you have to play more complex tricks:
loader.argv_src_file = "file:file_with_serialized_argv"
and somehow submit the encrypted file with cmdline arguments to the machine with your SGX enclave.execve
's into a real app. In this case, you basically do your own security, and you can safely use loader.insecure__use_cmdline_argv = true
in the manifest.@dimakuv Thank you for your reply. I resolved issues, which I mentioned earlier.
However, I am still looking for alternatives for below ones:
- sgx.allowed_files = [ ... ] (some files are passed through from untrusted host without verification)
- fs.insecure__keys.* = "..." (keys hardcoded in manifest)
I need to use Hashicorp Vault configuration and stored data. The directory content is not known during building but container runtime. The same with the keys.
Are there any alternatives, so I could run production version without warnings?
Many thanks for your help! I managed to resolve the issues. Please close the ticket.
When running gramine with some manifest arguments then below warning is returned:
Is there any workaround or alternative to pass command line arguments and environment variables to be able to run in production environment?