Closed
Bug 1736990
Opened 3 years ago
Closed 3 years ago
Sandbox needs to expose /dev/random and /proc/sys/crypto/fips_enabled when running in FIPS mode
Categories
(Core :: Security: Process Sandboxing, defect, P3)
Tracking
()
RESOLVED
FIXED
96 Branch
People
(Reporter: msirringhaus, Assigned: msirringhaus)
References
Details
Attachments
(1 file)
For running in FIPS mode, NSS needs to check /proc/sys/crypto/fips_enabled, to be able to tell whether FIPS is enabled or not.
FIPS also mandates using /dev/random instead of /dev/urandom.
MediaPluginSandbox already exposes /proc/sys/crypto/fips_enabled, but not /dev/random.
Content- and SocketProcessPolicy expose neither.
|
Assignee | |
Comment 1•3 years ago
|
||
For running in FIPS mode, NSS needs to check /proc/sys/crypto/fips_enabled, to be able to tell whether FIPS is enabled or not.
FIPS also mandates using /dev/random instead of /dev/urandom.
|
||
Updated•3 years ago
|
Assignee: nobody → msirringhaus
|
||
Updated•3 years ago
|
Severity: -- → S4
Priority: -- → P3
|
||
Comment 2•3 years ago
|
||
There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:msirringhaus, could you have a look please?
For more information, please visit auto_nag documentation.
Flags: needinfo?(msirringhaus)
Flags: needinfo?(gpascutto)
|
|
||
Updated•3 years ago
|
Flags: needinfo?(gpascutto)
Pushed by gpascutto@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a15a51cdc10b Expose /dev/random and /proc/sys/crypto/fips_enabled in sandboxes. r=bryce,gcp
|
||
Comment 4•3 years ago
|
||
| bugherder | ||
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
status-firefox96:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch
|
|
Assignee | |
Updated•3 years ago
|
Flags: needinfo?(msirringhaus)
|
||
Updated•3 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•