Sorry, it seems that my reply brings you more questions.

> But Enclave written in C is not taking advantage of rigorous checking of Rust 
> sgx_tstd but instead relies on Intel's tlibc (and Intel does not provide 
> checks on the primitive ocalls? I believe they also do?)

I think there's one misunderstanding: Intel's tlibc does not provide any APIs 
which need ocalls. In comparison, `sgx_tstd` provides APIs which require 
ocalls (e.g., `std::net`). If someone wants to use external C libraries which 
need ocalls, he obviously cannot use `sgx_tstd`. Then, the only thing he can 
do is to write his own ocalls to extend Intel's tlibc, which may be 
vulnerable [1].

The solution I mentioned is to provide these extended libc APIs on top of the 
ocall interfaces written in Rust, which have better checking and auditing. Hope 
this can explain my previous post.

```
----------------------------------------------------------------------------
Enclave (Rust)        | Enclave (C)
----------------------+---------------+-------------------------------------
Rust standard library | extended libc | SGX platform interfaces (Rust/C FFI)
----------------------+---------------+
ocall interfaces (Rust)               |
--------------------------------------+-------------------------------------
```

[1] https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m
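As an added illustration of the "extended libc over Rust ocall interfaces" layer in the diagram (example code, not part of the PR or the Teaclave SGX SDK): a libc-style `recv` for C enclave code whose Rust wrapper validates what the untrusted side reports before the C caller sees it. `RecvOcall`, `honest_ocall`, `lying_ocall` and `recv_checked` are constructed stand-ins for the real ocall boundary.

```rust
use std::os::raw::{c_int, c_void};

/// Stand-in for the ocall that receives bytes from the untrusted runtime.
/// In a real enclave the return value comes from outside the TCB and must be
/// treated as attacker-controlled.
pub type RecvOcall = fn(c_int, &mut [u8]) -> isize;

/// Validates the ocall result before it reaches the C caller: a negative
/// value is an error, and a reported length larger than the buffer is a lie
/// that would make the C code read past its buffer.
pub fn checked_recv(ocall: RecvOcall, fd: c_int, buf: &mut [u8]) -> isize {
    match ocall(fd, buf) {
        n if n < 0 => -1,
        n if (n as usize) > buf.len() => -1,
        n => n,
    }
}

/// Simulated honest untrusted side: fills the buffer with 'A' and reports len.
pub fn honest_ocall(_fd: c_int, buf: &mut [u8]) -> isize {
    for b in buf.iter_mut() {
        *b = b'A';
    }
    buf.len() as isize
}

/// Simulated misbehaving untrusted side: writes nothing but over-reports.
pub fn lying_ocall(_fd: c_int, buf: &mut [u8]) -> isize {
    buf.len() as isize + 4096
}

/// libc-style entry point exported to the C enclave:
/// `ssize_t recv_checked(int fd, void *buf, size_t len);`
/// A real build would also confirm the pointer range with
/// sgx_is_within_enclave before building the slice.
pub unsafe extern "C" fn recv_checked(fd: c_int, buf: *mut c_void, len: usize) -> isize {
    if buf.is_null() || len == 0 {
        return -1;
    }
    let slice = unsafe { std::slice::from_raw_parts_mut(buf as *mut u8, len) };
    checked_recv(honest_ocall, fd, slice)
}

fn main() {
    let mut buf = [0u8; 16];
    println!("honest ocall: {}", checked_recv(honest_ocall, 3, &mut buf));
    println!("lying ocall:  {}", checked_recv(lying_ocall, 3, &mut buf));
}
```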

https://github.com/apache/incubator-teaclave-sgx-sdk/pull/274#issuecomment-716068223