On 5/11/22 10:33, Arne Vogel wrote:
> Is this a problem with gramine or does this allude
> to the fact that the programs run in this manner are not designed with
> security in mind and could contain vulnerabilities that could be
This one, although these don't have to be vulnerabilities in the
programs. See for example `-c` in Python - it's a perfectly valid
feature, but in the enclave security model you have to block it (amongst
many other cmdline switches).
> In other words: If I do proper sanitization on the arguments with all
> the risk in mind is it still insecure?
Yes, although this is rather hard, especially if you run programs with
rich runtimes. It should be doable in C and C++, but pretty hard in
other cases, where the runtimes often have some magic arguments to
control the execution. That's why we don't recommend doing this to the
users, I don't believe that they will do it right ;)
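The point about runtime "magic arguments" is easy to see with Python's own command line. The following is an added example written for this page, not code from the thread or from Gramine: it models an enclave whose trusted script receives argv from the untrusted host, compares a denylist-style sanitizer (the kind that blocks an exact `-c` token) with an allowlist-style one, and launches the real interpreter to check whether attacker-chosen code actually executes. The script path `/app/main.py`, the argument-charset policy and the `ATTACKER_CODE_RAN` sentinel are assumptions made up for the demonstration; the host interpreter stands in for the one inside the enclave, since only argv parsing matters here.

```python
"""Denylist vs allowlist sanitization of untrusted argv for a Python runtime.

Added example, not part of the original thread or of Gramine.
"""
import re
import subprocess
import sys

# Hypothetical trusted, measured script inside the enclave (assumption).
TRUSTED_SCRIPT = "/app/main.py"
# Sentinel printed by the attacker payload so we can tell it ran (assumption).
SENTINEL = "ATTACKER_CODE_RAN"
PAYLOAD = f"print('{SENTINEL}')"

# Denylist: the switches people think of first.
DENYLIST = {"-c", "-m"}

# Assumed application policy: plain option values only, no leading dash.
ARG_RE = re.compile(r"^[A-Za-z0-9_=.-]{1,64}$")


def naive_sanitize(argv):
    """Denylist filter. True = argv accepted, False = a blocked token was found.

    It only matches whole tokens, so it does not know how the interpreter's
    getopt-style parser actually tokenizes options.
    """
    return not any(tok in DENYLIST for tok in argv)


def strict_sanitize(argv):
    """Allowlist filter. argv[0] must be the fixed trusted script and every
    remaining token must look like a plain value; anything starting with '-'
    is rejected so the interpreter never sees a switch at all.
    """
    if not argv or argv[0] != TRUSTED_SCRIPT:
        return False
    return all(ARG_RE.match(tok) and not tok.startswith("-") for tok in argv[1:])


def interpreter_executes_payload(argv):
    """Launch the real interpreter with `argv`, as the enclave would, and report
    whether the attacker payload ran. No shell is involved, so argv reaches
    the interpreter exactly as the host supplied it.
    """
    res = subprocess.run([sys.executable, *argv], capture_output=True,
                         text=True, timeout=30)
    return SENTINEL in res.stdout


# Two argv shapes that contain no exact "-c" token but still execute code:
# Python's option parser accepts combined short options and values glued
# directly onto the option letter.
BYPASSES = {
    "combined short options": ["-Bc", PAYLOAD],
    "value glued to the switch": ["-c" + PAYLOAD],
}


def audit():
    """Return {name: (passes_denylist, passes_allowlist, code_executed)}."""
    return {
        name: (naive_sanitize(argv), strict_sanitize(argv),
               interpreter_executes_payload(argv))
        for name, argv in BYPASSES.items()
    }


if __name__ == "__main__":
    for name, (naive_ok, strict_ok, executed) in audit().items():
        print(f"{name:28s} denylist passes={naive_ok!s:5s} "
              f"allowlist passes={strict_ok!s:5s} code ran={executed}")
```

Both bypasses sail through the denylist and run the payload, while the allowlist rejects them because it never lets a dash-prefixed token reach the interpreter. Even the allowlist only covers argv: the script's own argument parser and the environment (for example PYTHONPATH, which changes module resolution) remain separate channels, which is why fixing the arguments up front is the safer recommendation than filtering what the host passes in.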