This would require some analysis of how exactly Apache Tomcat uses eventfd. This means reviewing the source code of Apache Tomcat (or its dependency that uses eventfd), and understanding the flows of eventfd. In general, eventfd is just a signaling mechanism between two processes, or between a process and the Linux kernel. If this signaling is somehow verified by the application itself, or if spurious eventfd wake-ups (on select/poll/epoll) can be tolerated by the app, then I would say that there are no security concerns in using
Eventfd is used in two scenarios:
Gramine plans to implement a secure version of eventfd for scenario 1. Gramine cannot implement a secure version of eventfd for scenario 2, as the kernel (host Linux) is untrusted in the SGX model, so it's plain impossible. As for the timeline -- eventfd was always a low priority for us... Check our Roadmap -- looks like we don't even have eventfd task there...
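The condition in the reply above, that the application verifies the signaling itself or tolerates spurious wake-ups, shown as an added C example that is not part of the reply and is not code from Gramine or Apache Tomcat. The eventfd is used only as a wake-up hint and the consumer acts on its own queue state; `struct queue`, `queue_push`, `queue_drain` and `inject_wakeup` are hypothetical names, and the forged signal is constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/eventfd.h>

#define QCAP 16
/* Hypothetical work queue. Under SGX this struct lives in enclave memory,
 * while the eventfd counter is outside the application's control. */
struct queue {
    int efd;              /* wake-up hint only; its value is never trusted */
    int items[QCAP];
    unsigned head, tail;  /* authoritative record of pending work */
};

int queue_init(struct queue *q) {
    q->head = q->tail = 0;
    q->efd = eventfd(0, EFD_NONBLOCK);
    return q->efd < 0 ? -1 : 0;
}

/* Producer: record the item in trusted state first, then signal. */
int queue_push(struct queue *q, int item) {
    uint64_t one = 1;
    if (q->tail - q->head == QCAP) return -1;   /* queue full */
    q->items[q->tail++ % QCAP] = item;
    return write(q->efd, &one, sizeof one) == sizeof one ? 0 : -1;
}

/* Constructed for the example: a signal that no producer sent. */
int inject_wakeup(struct queue *q, uint64_t forged) {
    return write(q->efd, &forged, sizeof forged) == sizeof forged ? 0 : -1;
}

/* Consumer: called whenever poll/epoll reports efd readable. */
int queue_drain(struct queue *q, long *sum) {
    uint64_t hint;
    int n = 0;
    ssize_t r = read(q->efd, &hint, sizeof hint); /* clear hint, ignore value */
    (void)r;
    for (; q->head != q->tail; n++)               /* work comes from trusted state */
        *sum += q->items[q->head++ % QCAP];
    return n;                                     /* 0 on a spurious wake-up */
}

int main(void) {
    struct queue q; long sum = 0;
    if (queue_init(&q)) return 1;
    inject_wakeup(&q, 1000);
    printf("spurious wake-up processed %d items\n", queue_drain(&q, &sum));
    queue_push(&q, 5); queue_push(&q, 7);
    printf("real wake-up processed %d items, sum %ld\n", queue_drain(&q, &sum), sum);
    return 0;
}
```

With this structure a forged or inflated counter costs one empty pass through the queue; a signal that is withheld still delays work, which this pattern does not address.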
Hi, I noticed this:
gramine/CI-Examples/rust/rust-hyper-http-server.manifest.template
Line 34 in fdd3417
In our demo setup we have a similar need, as we are running an embedded Apache Tomcat that cannot run without it enabled. How severe are the security concerns behind this? And what's the timeline for Gramine implementing it in a secure way?