-
Notifications
You must be signed in to change notification settings - Fork 196
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[PAL/Linux-SGX] Remove insecure
enclave_untrusted.c
This file contained implementation of `malloc_untrusted`, which allowed in enclave code to allocate untrusted memory of arbitrary size in small granularity (contrary to page size in `ocall_mmap_untrusted`). The problem with its implementation was it used `slabmgr.h` which holds all metadata inline - in this case in untrusted memory. This was trivially exploitable by malicious host OS. `malloc_untrusted` was used in one place only and this commit adds a simple untrusted memory allocator for this specific kind of objects. Signed-off-by: Borys Popławski <borysp@invisiblethingslab.com>
- Loading branch information
1 parent
bd2bd00
commit 00e91a0
Showing
6 changed files
with
88 additions
and
76 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters