Closed
Bug 1736990
Opened 3 years ago
Closed 3 years ago
Sandbox needs to expose /dev/random and /proc/sys/crypto/fips_enabled when running in FIPS mode
Categories
(Core :: Security: Process Sandboxing, defect, P3)
Tracking
()
RESOLVED
FIXED
96 Branch
People
(Reporter: msirringhaus, Assigned: msirringhaus)
Attachments
(1 file)
For running in FIPS mode, NSS needs to check /proc/sys/crypto/fips_enabled, to be able to tell whether FIPS is enabled or not.
FIPS also mandates using /dev/random instead of /dev/urandom.
MediaPluginSandbox already exposes /proc/sys/crypto/fips_enabled, but not /dev/random.
Content- and SocketProcessPolicy expose neither.
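Added example (not part of the bug report and not NSS or Firefox code): a C sketch of the two accesses the description names, showing why a sandbox that blocks either path breaks FIPS operation. The enum, the function names and the policy of treating any open failure other than a missing file as "undetermined" are assumptions made for illustration.

```c
/* Added example: FIPS-mode probe as seen from inside a sandboxed process. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum fips_state { FIPS_OFF, FIPS_ON, FIPS_UNKNOWN };

/* The kernel exposes the flag as the text "0\n" or "1\n". */
enum fips_state fips_state_from_text(const char *buf, size_t len)
{
    if (len > 0 && buf[0] == '1') return FIPS_ON;
    if (len > 0 && buf[0] == '0') return FIPS_OFF;
    return FIPS_UNKNOWN;
}

/* Assumed policy: a missing file means a non-FIPS kernel; any other
 * failure (for example a sandbox policy refusing the open) leaves the
 * mode undetermined instead of silently reporting "off". */
enum fips_state probe_fips(const char *path)
{
    char buf[8];
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno == ENOENT ? FIPS_OFF : FIPS_UNKNOWN;
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    return n > 0 ? fips_state_from_text(buf, (size_t)n) : FIPS_UNKNOWN;
}

/* /dev/random in FIPS mode, /dev/urandom otherwise; NULL when the mode
 * could not be determined, so the caller fails instead of guessing. */
const char *entropy_device(enum fips_state s)
{
    if (s == FIPS_UNKNOWN) return NULL;
    return s == FIPS_ON ? "/dev/random" : "/dev/urandom";
}

int main(void)
{
    enum fips_state s = probe_fips("/proc/sys/crypto/fips_enabled");
    const char *dev = entropy_device(s);
    if (!dev) { puts("FIPS mode undetermined: flag file unreadable"); return 1; }
    int fd = open(dev, O_RDONLY);
    printf("fips=%d device=%s open=%s\n", s == FIPS_ON, dev,
           fd >= 0 ? "ok" : strerror(errno));
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : 1;
}
```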
Comment 1•3 years ago (Assignee)
For running in FIPS mode, NSS needs to check /proc/sys/crypto/fips_enabled, to be able to tell whether FIPS is enabled or not.
FIPS also mandates using /dev/random instead of /dev/urandom.
Updated•3 years ago
Assignee: nobody → msirringhaus
Updated•3 years ago
Severity: -- → S4
Priority: -- → P3
Comment 2•3 years ago
There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:msirringhaus, could you have a look please?
For more information, please visit auto_nag documentation.
Flags: needinfo?(msirringhaus)
Flags: needinfo?(gpascutto)
Updated•3 years ago
Flags: needinfo?(gpascutto)
Pushed by gpascutto@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a15a51cdc10b
Expose /dev/random and /proc/sys/crypto/fips_enabled in sandboxes. r=bryce,gcp
Comment 4•3 years ago (bugherder)
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
status-firefox96: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch
Updated•3 years ago (Assignee)
Flags: needinfo?(msirringhaus)