Sorry, my typo. I meant --with-crypto, not --enable-crypto.
I expect that if I point yara to the enclave file structure, it won't find
certain header files or libraries and I'll have to catch and handle them as
SGX OCALLS. The reason to run yara in enclave is to prevent the rules from
being discoverable outside the enclave, so they are encrypted until they
enter the enclave. Thanks for verifying the --with-pic option.

On Friday, November 23, 2018 at 5:54:33 PM UTC-5, Ángel wrote:
>
> On 2018-11-19 at 08:02 -0800, dmw wrote: 
> > Some additional info - I reran the ./configure script as ./configure 
> > --with-pic --enable-crypto --enable-dotnet --enable-magic 
> > --enable-cuckoo --with-crypto  to include "--with-pic".  Yara, of 
> > course compiled, but when attempting to link libyara.a using the given 
> > makefile, additional errors were produced. A snapshot of those errors, 
> > below seems to indicate basic c standard library are no longer 
> > locatable in the libyara object files.   
>
> That configure command worked for me under Linux. 
>
> > wget https://github.com/VirusTotal/yara/archive/v3.8.1.tar.gz 
> > tar -xvf v3.8.1.tar.gz 
> > cd yara-3.8.1/ 
> > ./configure script as ./configure --with-pic --enable-crypto --enable-dotnet --enable-magic --enable-cuckoo --with-crypt 
> > ./bootstrap.sh 
> > ./configure --with-pic --enable-crypto --enable-dotnet --enable-magic --enable-cuckoo --with-crypto 
> > make 
>
> It complained that --enable-crypto was an unrecognized option, though. 
>
>
> Given the error messages, it looks as if you were not linking to the C 
> library (you describe it as being "no longer locatable in the libyara 
> object files", but actually it's that libyara requires linking to libc, 
> but the final executable is not). 
>
> As you want to run it in an enclave, the issue is probably that you 
> don't have the standard library available there. 
> I don't know why you are trying to run yara in an enclave. As the piece 
> that requires the stdio is the lexer, I would suggest splitting the yara 
> part in two pieces, parsing the yara rule in "userland", passing that 
> and doing just the actual matching in the enclave. 
>
> Kind regards 
>