Hi,
We should not use system("Command") inside the enclave.
Can we use wget, CuraEngine or "powershell -command "& { (New-Object Net.WebClient).DownloadFile('http://myUrl', 'C:\path\to\test.json')}"" like commands directly inside the enclave?
Usually we keep eclaveWrapper files in the enclave_definition folder. Can we run the above commands in eclaveWrapper files, which is different than the enclave_application folder? If we follow this process, can we make sure about the safety of the files?
Thanks & Regards,
As a general statement, IO is not supported inside an enclave - you have to make OCALLs.
If your enclave makes an OCALL to the untrusted part of your application, and in the untrusted part of your application you decide to make any of the IO calls you mentioned, then this "will work" from a "is this possible" perspective.
As you mentioned, it would be up to you to verify that whatever data you obtained (via wget, powershell, etc) is data that you trust and want to pass back to the enclave. Furthermore, an attacker may view or modify the data sometime between the time you received it and the time you sent it to the enclave. You would have to protect against that as well.