gramineproject / gsc

Gramine Shielded Containers (Docker integration)
BSD 3-Clause "New" or "Revised" License

GSC in production environments #191

Closed tsadowsk closed 7 months ago

tsadowsk commented 7 months ago

When running Gramine with some manifest arguments, the warning below is returned:

Gramine detected the following insecure configurations:             
...                                                       
  - loader.insecure__use_cmdline_argv = true   (forwarding command-line args from untrusted host to the app)
  - loader.insecure__use_host_env = true       (forwarding environment vars from untrusted host to the app)
...                                                    
Gramine will continue application execution, but this configuration must not be used in production!  

Is there any workaround or alternative to pass command-line arguments and environment variables to be able to run in a production environment?

dimakuv commented 7 months ago

Yes.

https://gramine.readthedocs.io/en/stable/manifest-syntax.html#command-line-arguments

https://gramine.readthedocs.io/en/stable/manifest-syntax.html#environment-variables

Typically you would want to hard-code the exact cmdline arguments and environment variables, otherwise the malicious host could inject wrong/malformed/insecure cmdline args and envvars.

However, it is not always possible, so for envvars we also have loader.env.[ENVIRON] = { passthrough = true } syntax. This should be used only when you're sure that this particular envvar has no security implications on the application behavior (i.e., it cannot be misused by the malicious host).

Unfortunately, there is no simple way to allow a known-to-be-good subset of cmdline args, so you either just hard-code a single set of cmdline args, or you have to play more complex tricks:

tsadowsk commented 7 months ago

@dimakuv Thank you for your reply. I resolved the issues which I mentioned earlier.

However, I am still looking for alternatives for the ones below:

  - sgx.allowed_files = [ ... ]                (some files are passed through from untrusted host without verification)
  - fs.insecure__keys.* = "..."                (keys hardcoded in manifest)   

I need to use HashiCorp Vault configuration and stored data. The directory content is not known at build time, only at container runtime. The same goes for the keys.

Are there any alternatives, so that I could run the production version without warnings?

tsadowsk commented 7 months ago

Many thanks for your help! I managed to resolve the issues. Please close the ticket.