Comments (7)
If I keep the enclave.signed.so in the same directory as the nginx binary, it results in a segmentation fault.
roshan@bolt:~/talos/src/nginx-1.11.0/install/sbin$ pwd
/home/roshan/talos/src/nginx-1.11.0/install/sbin
roshan@bolt:~/talos/src/nginx-1.11.0/install/sbin$ ls -a
. .. enclave.signed.so nginx
roshan@bolt:~/talos/src/nginx-1.11.0/install/sbin$ ./nginx
Segmentation fault
from talos.
These are some changes I made in "nginx-1.11.0/objs/Makefile":
--- nginx-1.11.0/objs/Makefile 2018-03-12 01:40:28.899019963 -0700
+++ nginx-1.11.0-std/objs/Makefile 2018-03-12 01:41:58.831507135 -0700
@@ -9,7 +9,7 @@
-I src/event \
-I src/event/modules \
-I src/os/unix \
- -I /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/include \
+ -I /home/administrator/nginx_talos_release/TaLoS/src/libressl-2.4.1/include \
-I objs \
-I src/http \
-I src/http/modules
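Review bot: The replacement `-I` path in this hunk is still an absolute path under /home/administrator, so the Makefile only works on the machine it was edited on (the other builds in this thread live under /home/roshan). Derive it from a single variable for the TaLoS checkout, for example `-I $(TALOS_ROOT)/src/libressl-2.4.1/include`, where `TALOS_ROOT` is a name suggested here and not one the Makefile already defines.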
@@ -76,7 +76,6 @@
src/os/unix/ngx_linux.h \
src/event/ngx_event_openssl.h \
src/core/ngx_regex.h \
- /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/include/openssl/ssl.h \
objs/ngx_auto_config.h
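Review bot: Removing the ssl.h entry from this header dependency list, with nothing put in its place, means the nginx objects are no longer rebuilt when the libressl headers change. If the goal is only to stop nginx from rebuilding libressl, list the ssl.h under the new include directory here instead, so a stale or missing header is caught at build time.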
@@ -84,7 +83,7 @@
-I src/event \
-I src/event/modules \
-I src/os/unix \
- -I /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/include \
+ -I /home/administrator/nginx_talos_release/TaLoS/src/libressl-2.4.1/include \
-I objs
@@ -345,7 +344,7 @@
objs/src/http/modules/ngx_http_upstream_keepalive_module.o \
objs/src/http/modules/ngx_http_upstream_zone_module.o \
objs/ngx_modules.o \
- -ldl -lpthread -lcrypt -lpcre /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/lib/libssl.a /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/lib/libcrypto.a -ldl -lz \
+ -ldl -lpthread -lcrypt -lpcre /home/administrator/nginx_talos_release/TaLoS/src/libressl-2.4.1/lib/libssl.a /home/administrator/nginx_talos_release/TaLoS/src/libressl-2.4.1/lib/libcrypto.a -L /home/administrator/nginx_talos_release/intel/sgxsdk/sdk_libs -lsgx_urts_sim -lsgx_uae_service_sim -ldl -lz \
-Wl,-E
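Review bot: The added link line hard-wires the simulation runtime (`-lsgx_urts_sim -lsgx_uae_service_sim`), so a binary built from this Makefile never runs the enclave on SGX hardware and gets none of its isolation. Select the library pair from a build-mode variable so a hardware build links `-lsgx_urts -lsgx_uae_service`, and take the `-L` directory from the SDK install location rather than a path under /home/administrator.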
@@ -1171,75 +1170,69 @@
src/http/modules/ngx_http_upstream_zone_module.c
-/home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl/include/openssl/ssl.h: objs/Makefile
- cd /home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1/ \
- && if [ -f Makefile ]; then $(MAKE) clean; fi \
- && ./config --prefix=/home/administrator/nginx_talos_release/TaLoS//src/libressl-2.4.1//.openssl no-shared \
- && $(MAKE) \
- && $(MAKE) install_sw LIBDIR=lib
manpage: objs/nginx.8
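Review bot: With the libressl build rule deleted here, nothing in this Makefile produces the libssl.a and libcrypto.a that the link line references, so a clean checkout fails at link time unless libressl was built by hand first. Either state that prerequisite alongside the change or keep a target that checks the two archives exist and fails with a clear message.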
Hope it helps you.
from talos.
Where did you place enclave.signed.so? Could you tell me its path? In my system I created a link here:
/home/roshan/talos/src/nginx-1.11.0/enclave.signed.so that points to /home/roshan/talos/src/libressl-2.4.1/crypto/enclave.signed.so
from talos.
My system is the same as yours. However, I only test in SGX simulator mode (-lsgx_urts_sim -lsgx_uae_service_sim).
from talos.
I tried to see what causes the segmentation fault and this is the output:
roshan@bolt:~/talos/src/nginx-1.11.0$ gdb ./install/sbin/nginx
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./install/sbin/nginx...done.
(gdb) run
Starting program: /home/roshan/talos/src/nginx-1.11.0/install/sbin/nginx
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff72f5895 in _create_enclave(bool, int, _se_file_t&, _le_prd_css_file_t*, unsigned char (*) [1024], int, unsigned long*, _sgx_misc_attribute_t*) ()
from /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so
(gdb)
(gdb) bt
#0 0x00007ffff72f5895 in _create_enclave(bool, int, _se_file_t&, _le_prd_css_file_t*, unsigned char (*) [1024], int, unsigned long*, _sgx_misc_attribute_t*)
() from /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so
#1 0x00007ffff72f648e in sgx_create_enclave ()
from /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so
#2 0x000000000048b734 in initialize_enclave () at enclaveshim_ecalls.c:185
#3 0x000000000048bc19 in initialize_library () at enclaveshim_ecalls.c:351
#4 0x000000000049086d in OPENSSL_add_all_algorithms_noconf ()
at enclaveshim_ecalls.c:2844
#5 0x00007ffff72f0a89 in init_openssl() ()
from /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so
#6 0x00007ffff7de76ba in call_init (l=<optimized out>, argc=argc@entry=1,
argv=argv@entry=0x7fffffffdc38, env=env@entry=0x7fffffffdc48)
at dl-init.c:72
#7 0x00007ffff7de77cb in call_init (env=0x7fffffffdc48, argv=0x7fffffffdc38,
argc=1, l=<optimized out>) at dl-init.c:30
#8 _dl_init (main_map=0x7ffff7ffe168, argc=1, argv=0x7fffffffdc38,
env=0x7fffffffdc48) at dl-init.c:120
#9 0x00007ffff7dd7c6a in _dl_start_user () from /lib64/ld-linux-x86-64.so.2
#10 0x0000000000000001 in ?? ()
#11 0x00007fffffffe018 in ?? ()
#12 0x0000000000000000 in ?? ()
from talos.
This time I did static linking, and it's for the simulation libraries.
And here is the report from valgrind:
roshan@bolt:~/talos/src/nginx-1.11.0$ valgrind --leak-check=full ./install/sbin/nginx
==20830== Memcheck, a memory error detector
==20830== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==20830== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==20830== Command: ./install/sbin/nginx
==20830==
==20830== Invalid read of size 8
==20830== at 0x570E895: _create_enclave(bool, int, _se_file_t&, _le_prd_css_file_t*, unsigned char (*) [1024], int, unsigned long*, _sgx_misc_attribute_t*) (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x570F48D: sgx_create_enclave (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x48B733: initialize_enclave (enclaveshim_ecalls.c:185)
==20830== by 0x48BC18: initialize_library (enclaveshim_ecalls.c:351)
==20830== by 0x49086C: OPENSSL_add_all_algorithms_noconf (enclaveshim_ecalls.c:2844)
==20830== by 0x5709A88: init_openssl() (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x40106B9: call_init.part.0 (dl-init.c:72)
==20830== by 0x40107CA: call_init (dl-init.c:30)
==20830== by 0x40107CA: _dl_init (dl-init.c:120)
==20830== by 0x4000C69: ??? (in /lib/x86_64-linux-gnu/ld-2.23.so)
==20830== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==20830==
==20830==
==20830== Process terminating with default action of signal 11 (SIGSEGV)
==20830== Access not within mapped region at address 0x0
==20830== at 0x570E895: _create_enclave(bool, int, _se_file_t&, _le_prd_css_file_t*, unsigned char (*) [1024], int, unsigned long*, _sgx_misc_attribute_t*) (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x570F48D: sgx_create_enclave (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x48B733: initialize_enclave (enclaveshim_ecalls.c:185)
==20830== by 0x48BC18: initialize_library (enclaveshim_ecalls.c:351)
==20830== by 0x49086C: OPENSSL_add_all_algorithms_noconf (enclaveshim_ecalls.c:2844)
==20830== by 0x5709A88: init_openssl() (in /home/roshan/sgxsdk/lib64/libsgx_urts_sim.so)
==20830== by 0x40106B9: call_init.part.0 (dl-init.c:72)
==20830== by 0x40107CA: call_init (dl-init.c:30)
==20830== by 0x40107CA: _dl_init (dl-init.c:120)
==20830== by 0x4000C69: ??? (in /lib/x86_64-linux-gnu/ld-2.23.so)
==20830== If you believe this happened as a result of a stack
==20830== overflow in your program's main thread (unlikely but
==20830== possible), you can try to increase the size of the
==20830== main thread stack using the --main-stacksize= flag.
==20830== The main thread stack size used in this run was 8388608.
==20830==
==20830== HEAP SUMMARY:
==20830== in use at exit: 73,602 bytes in 10 blocks
==20830== total heap usage: 82 allocs, 72 frees, 91,815 bytes allocated
from talos.
I was able to solve the problem by downgrading to sgxsdk version 1.9.
Please add this information to readme.md; also, there is a typo in readme.md: ssh instead of ssl.
@tiepnv-viosoft: Thanks, your makefile does help me.
from talos.