[Pal/Linux-SGX] Warn about "allowed_files" usage

"allowed_files" is an insecure feature, which cannot be safely used in production environments. Signed-off-by: Borys Popławski <borysp@invisiblethingslab.com>
gramineproject · Sep 23, 2021 · e637fab · e637fab
1 parent ff5a2da
commit e637fab
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/Pal/src/host/Linux-SGX/enclave_framework.c b/Pal/src/host/Linux-SGX/enclave_framework.c
@@ -759,6 +759,16 @@ static int init_trusted_files_from_toml_array(void) {
     return ret;
 }
 
+static void maybe_warn_about_allowed_files_usage(void) {
+    static bool g_allowed_files_warned = false;
+
+    if (!g_pal_state.parent_process && !g_allowed_files_warned) {
+        log_always("WARNING! \"allowed_files\" is an insecure feature designed for debugging and "
+                   "prototyping, it must never be used in production!");
+        g_allowed_files_warned = true;
+    }
+}
+
 static int init_allowed_files_from_toml_table(void) {
     int ret;
 
@@ -770,6 +780,8 @@ static int init_allowed_files_from_toml_table(void) {
     if (!toml_allowed_files)
         return 0;
 
+    maybe_warn_about_allowed_files_usage();
+
     ssize_t toml_allowed_files_cnt = toml_table_nkval(toml_allowed_files);
     if (toml_allowed_files_cnt < 0)
         return -PAL_ERROR_DENIED;
@@ -825,6 +837,8 @@ static int init_allowed_files_from_toml_array(void) {
     if (!toml_allowed_files)
         return 0;
 
+    maybe_warn_about_allowed_files_usage();
+
     ssize_t toml_allowed_files_cnt = toml_array_nelem(toml_allowed_files);
     if (toml_allowed_files_cnt < 0)
         return -PAL_ERROR_DENIED;