Posted to notifications@teaclave.apache.org by GitBox <gi...@apache.org> on 2020/06/29 13:06:11 UTC

[GitHub] [incubator-teaclave] ly137062117 opened a new issue #374: Does the Python script in the Access Control service take part in permission checks in a real environment?

ly137062117 opened a new issue #374:
URL: https://github.com/apache/incubator-teaclave/issues/374


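   While reading the source code of the Access Control module recently, I came across a few things I don't quite understand:
   (1) The permission-check logic in acs.rs ultimately calls the acs_enforce_request() and acs_announce_fact() functions, and these two functions are implemented in the acs_engine.py script. After the teaclave service starts, is acs_engine.py compiled into a binary that takes part in the permission check? If it is not compiled, then when the py script is tampered with (for example, the logic of acs_enforce_request() and acs_announce_fact() is altered), wouldn't the permission check be rendered ineffective?
   (2) When the model.conf file is loaded, there is no encryption/decryption or verification of any kind. If someone modifies the contents of model.conf (for example, setting user_access_data to always be true), wouldn't the permission-check logic also be rendered ineffective?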


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org


[GitHub] [incubator-teaclave] mssun commented on issue #374: Does the Python script in the Access Control service take part in permission checks in a real environment?

Posted by GitBox <gi...@apache.org>.
mssun commented on issue #374:
URL: https://github.com/apache/incubator-teaclave/issues/374#issuecomment-671582871


   Since there's no more question, I'm closing this issue.




[GitHub] [incubator-teaclave] mssun commented on issue #374: Does the Python script in the Access Control service take part in permission checks in a real environment?

Posted by GitBox <gi...@apache.org>.
mssun commented on issue #374:
URL: https://github.com/apache/incubator-teaclave/issues/374#issuecomment-651418057


   `acs_engine.py` and `model.conf` are both statically compiled into the enclave.




[GitHub] [incubator-teaclave] ly137062117 commented on issue #374: Does the Python script in the Access Control service take part in permission checks in a real environment?

Posted by GitBox <gi...@apache.org>.
ly137062117 commented on issue #374:
URL: https://github.com/apache/incubator-teaclave/issues/374#issuecomment-651473037


   May I ask how the model.conf file is compiled into the enclave? Can configuration files be statically compiled too?




[GitHub] [incubator-teaclave] mssun commented on issue #374: Does the Python script in the Access Control service take part in permission checks in a real environment?

Posted by GitBox <gi...@apache.org>.
mssun commented on issue #374:
URL: https://github.com/apache/incubator-teaclave/issues/374#issuecomment-651473582


   Via `include_str!` (https://doc.rust-lang.org/std/macro.include_str.html).
   
   https://github.com/apache/incubator-teaclave/blob/80fe5e9b78f3d5a023a07f9b44cabf4bd994a919/services/access_control/enclave/src/acs.rs#L33


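The difference between a policy file compiled in with `include_str!`, as the reply above describes, and one re-read from the host at startup, shown as an added example that is not Teaclave's code. The constant stands in for `include_str!("model.conf")` so the block is self-contained; the `key = value` format, the sample content and all function names are assumptions made for illustration.

```rust
use std::{env, fs, io, path::Path, process};

// Stand-in for `include_str!("model.conf")`: the macro yields exactly this kind
// of `&'static str`, baked into the binary at build time. The content is a
// constructed sample in a hypothetical `key = value` form, not Teaclave's file.
const EMBEDDED_MODEL_CONF: &str = "# constructed sample\nuser_access_data = owner_only\n";

/// Hypothetical helper: look up one rule in the sample `key = value` format.
fn rule<'a>(conf: &'a str, key: &str) -> Option<&'a str> {
    conf.lines()
        .filter(|l| !l.trim_start().starts_with('#'))
        .filter_map(|l| l.split_once('='))
        .find(|(k, _)| k.trim() == key)
        .map(|(_, v)| v.trim())
}

/// Policy as seen by code that uses the compiled-in copy.
fn embedded_rule() -> Option<&'static str> {
    rule(EMBEDDED_MODEL_CONF, "user_access_data")
}

/// Policy as seen by code that re-reads the file from the host at startup.
fn runtime_rule(path: &Path) -> io::Result<Option<String>> {
    let conf = fs::read_to_string(path)?;
    Ok(rule(&conf, "user_access_data").map(str::to_owned))
}

/// Edits the on-disk copy and returns (runtime view, embedded view) afterwards.
fn modify_on_disk_copy() -> io::Result<(Option<String>, Option<&'static str>)> {
    let path = env::temp_dir().join(format!("model-conf-demo-{}.conf", process::id()));
    fs::write(&path, EMBEDDED_MODEL_CONF)?;
    fs::write(&path, "user_access_data = true\n")?; // the edit from question (2)
    let seen_at_runtime = runtime_rule(&path)?;
    fs::remove_file(&path)?;
    Ok((seen_at_runtime, embedded_rule()))
}

fn main() -> io::Result<()> {
    let (runtime, embedded) = modify_on_disk_copy()?;
    println!("runtime loader sees: {:?}", runtime);
    println!("embedded copy sees:  {:?}", embedded);
    Ok(())
}
```

Only the loader that reads from disk picks up the edited value; changing what the embedded copy says requires rebuilding the binary.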


[GitHub] [incubator-teaclave] mssun closed issue #374: Does the Python script in the Access Control service take part in permission checks in a real environment?

Posted by GitBox <gi...@apache.org>.
mssun closed issue #374:
URL: https://github.com/apache/incubator-teaclave/issues/374


   

