Skip to content

Commit

Permalink
support stripped executables
Browse files Browse the repository at this point in the history
  • Loading branch information
thomasten committed Jul 14, 2024
1 parent 5e20b14 commit 1c37a35
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 15 deletions.
9 changes: 6 additions & 3 deletions ego/cli/elf.go
Original file line number Diff line number Diff line change
Expand Up @@ -157,10 +157,13 @@ func (c *Cli) readDataFromELF(path string, section string, offset int, size int)
// checkUnsupportedImports checks whether the to-be-signed or to-be-executed binary uses Go imports which are not supported.
func (c *Cli) checkUnsupportedImports(path string) error {
symbols, err := c.getSymbolsFromELF(path)
if err != nil {
return fmt.Errorf("getting symbols: %w", err)
if err == nil {
return checkUnsupportedImports(symbols)
}
if errors.Is(err, elf.ErrNoSymbols) {
return nil
}
return checkUnsupportedImports(symbols)
return fmt.Errorf("getting symbols: %w", err)
}

func checkUnsupportedImports(symbols []elf.Symbol) error {
Expand Down
24 changes: 12 additions & 12 deletions ego/cli/sign.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
package cli

import (
"debug/elf"
"encoding/json"
"errors"
"fmt"
Expand All @@ -31,19 +32,18 @@ var ErrNoOEInfo = errors.New("could not find .oeinfo section")
var errConfigDoesNotExist = errors.New("enclave config file not found")

func (c *Cli) signWithJSON(conf *config.Config) error {
symbols, err := c.getSymbolsFromELF(conf.Exe)
if err != nil {
return fmt.Errorf("getting symbols: %w", err)
}

// First, check if the executable does not contain unsupported imports / symbols.
if err := checkUnsupportedImports(symbols); err != nil {
return err
}
if symbols, err := c.getSymbolsFromELF(conf.Exe); err == nil {
// First, check if the executable does not contain unsupported imports / symbols.
if err := checkUnsupportedImports(symbols); err != nil {
return err
}

// Check that heapSize is in the supported range of the heap mode the binary was built with.
if err := checkHeapMode(symbols, conf.HeapSize); err != nil {
return err
// Check that heapSize is in the supported range of the heap mode the binary was built with.
if err := checkHeapMode(symbols, conf.HeapSize); err != nil {
return err
}
} else if !errors.Is(err, elf.ErrNoSymbols) {
return fmt.Errorf("getting symbols: %w", err)
}

// write temp .conf file
Expand Down
8 changes: 8 additions & 0 deletions src/integration_test.sh
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,14 @@ sed -i 's/"heapSize": 511,/"heapSize": 768,/' enclave.json
run ego sign
run ego run integration-test

# Test stripped executable
cd "$egoPath/ego/cmd/integration-test"
cp enclave.json /tmp/ego-integration-test/enclave.json
run ego-go build -o /tmp/ego-integration-test/integration-test -ldflags -s
cd /tmp/ego-integration-test
run ego sign
run ego run integration-test

# Test unsupported import detection on sign & run
mkdir "$tPath/unsupported-import-test"
cd "$egoPath/ego/cmd/unsupported-import-test"
Expand Down

0 comments on commit 1c37a35

Please sign in to comment.