SAM_R_2

system("Command") inside the enclave


Hi,

We should not use system("Command") inside the enclave.

Can we use wget, CuraEngine or "powershell -command "& { (New-Object Net.WebClient).DownloadFile('http://myUrl', 'C:\path\to\test.json')}"" like commands directly inside the enclave?

Usually we keep eclaveWrapper files in the enclave_definition folder. Can we run the above commands in eclaveWrapper files, which is different from the enclave_application folder? If we follow this process, can we make sure about the safety of the files?

Thanks & Regards,


As a general statement, IO is not supported inside an enclave - you have to make OCALLs.

If your enclave makes an OCALL to the untrusted part of your application, and in the untrusted part of your application you decide to make any of the IO calls you mentioned, then this "will work" from a "is this possible" perspective.

As you mentioned, it would be up to you to verify that whatever data you obtained (via wget, powershell, etc) is data that you trust and want to pass back to the enclave. Furthermore, an attacker may view or modify the data sometime between the time you received it and the time you sent it to the enclave. You would have to protect against that as well.
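The check described in the reply above, as an added example that is not part of the original thread or of the SGX SDK: the trusted side bounds-checks what the OCALL returned, copies it into enclave-private memory, and verifies that copy before using it. The names `enclave_load`, `ocall_fetch_fn`, `digest64`, `pinned_digest`, `MAX_PAYLOAD` and the sample JSON are assumptions made for illustration, and the FNV-1a digest is only a stand-in for a real hash, MAC or signature check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_PAYLOAD 256                 /* assumed cap on accepted data */
#define GOOD "{\"layer\":0.2}"          /* constructed sample payload */

/* Stand-in digest (64-bit FNV-1a) so this runs without the SGX SDK. It is NOT
 * collision resistant; a real enclave would check SHA-256, a MAC or a signature. */
static uint64_t digest64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Hypothetical OCALL shape: untrusted code (wget, PowerShell, ...) fills an
 * untrusted buffer and reports how many bytes it claims to have written. */
typedef int (*ocall_fetch_fn)(uint8_t *untrusted_buf, size_t cap, size_t *len);

/* Trusted side: returns 0 and fills `out` only when the data matches the digest
 * pinned inside the enclave; otherwise returns -1 with `out` zeroed. */
int enclave_load(ocall_fetch_fn fetch, uint8_t *untrusted_buf, size_t cap,
                 uint64_t pinned, uint8_t out[MAX_PAYLOAD], size_t *out_len) {
    uint8_t priv[MAX_PAYLOAD];          /* enclave-private copy */
    size_t len = 0;
    memset(out, 0, MAX_PAYLOAD);
    *out_len = 0;
    if (fetch(untrusted_buf, cap, &len) != 0) return -1;
    if (len == 0 || len > cap || len > MAX_PAYLOAD) return -1; /* length is untrusted too */
    memcpy(priv, untrusted_buf, len);   /* read the untrusted buffer exactly once */
    if (digest64(priv, len) != pinned) return -1;  /* check the copy, not the source */
    memcpy(out, priv, len);
    *out_len = len;
    return 0;
}

/* Constructed untrusted fetchers: honest, modified in transit, lying about length. */
static int fill(uint8_t *b, size_t cap, size_t *len, const char *s) {
    *len = strlen(s);
    if (*len <= cap) memcpy(b, s, *len);
    return 0;
}
int fetch_good(uint8_t *b, size_t c, size_t *l)     { return fill(b, c, l, GOOD); }
int fetch_tampered(uint8_t *b, size_t c, size_t *l) { return fill(b, c, l, "{\"layer\":9.9}"); }
int fetch_lying(uint8_t *b, size_t c, size_t *l)    { (void)b; (void)c; *l = (size_t)1 << 20; return 0; }

uint64_t pinned_digest(void) { return digest64((const uint8_t *)GOOD, strlen(GOOD)); }
```

Verifying the private copy rather than the untrusted buffer is what closes the window in which the data could be changed between the check and its use.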

