New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unexpected exception while using Python HTTP server with SSL #1694
Comments
After some investigation, it looks like the problem comes from this fix: python/cpython#108318. The former image was using I can see that the file Do you have an idea why this modification introduced the bug with Gramine? |
Thanks @grydz for a detailed bug description! I am looking at it. I can reproduce it even on my Ubuntu 20.04 and Python 3.8. Apparently the security bug fix that you mention was backported to Python 3.8 too (I looked at my local Here's the relevant Gramine snippet:
After that, Python raises an error. Note that However, Python's |
Similar snippet of a native execution (collected via strace):
So clearly, Gramine is different from native execution in a wrong error code that it returns on a listening socket during recvfrom(). |
This is great, thank you very much for the quick fix! It works perfectly well: https://github.com/Cosmian/gramine-py-bug/tree/gramine-from-source |
@dimakuv is it feasible to release v1.6.1 (or v1.5.1) with the patch? |
@grydz We typically don't do such point releases. What we can do is to create a tag when this patch will be merged into Gramine. Then you'll have an immutable version of Gramine that you can git-clone, build and install. Unfortunately this means that you'll have to build Gramine yourself, instead of using a pre-built package. Is this something that will work for you? I believe the next Gramine release (v1.7) will happen around March-April... It's probably too large of a time delay for you? |
Sure, I was aware of Gramine's release life cycle but still, I asked :) A git tag would be great, thanks! |
@grydz The commit is: |
Thank you very much! |
Description of the problem
A simple Python code for running an HTTP server with SSL (no 3rd party library) suddenly fails with
gramine-sgx
after an update in a Docker image using Ubuntu 22.04. The diff between Docker images shows a different version of libssl3: 3.0.2-0ubuntu1.12 vs. 3.0.2-0ubuntu1.10. Version of Python (3.10.6-1~22.04) and Gramine (1.5) are the same.Steps to reproduce
Build and run the docker image from this repository https://github.com/Cosmian/gramine-py-bug or use the following Python code in Gramine: https://github.com/Cosmian/gramine-py-bug/blob/main/python/scripts/main.py.
Expected results
HTTPS server should run forever and accept HTTP GET and POST requests.
Actual results
OSError
andPermissionError
with the following traceback:Note that I'm not able to reproduce the bug outside of Gramine.
gramine.log
Gramine commit hash
1.5
The text was updated successfully, but these errors were encountered: