Re: [Freesurfer] Freesurfer and crypt

Thu, 12 Apr 2018 07:52:49 -0700 

It appears that FreeSurfer is not compatible with systems for which
FIPS level security is mandated.  In our case, I am told this is part
of our data use agreement with the VA.

We tried to run it, and I get the following stack trace showing what
appears to be license validation using the crypt() function, which is
blacklisted by the Linux kernel by the FIPS configuration.

28063 open("/opt/apps/freesurfer-6.0/freesurfer/license.txt", O_RDONLY) = 3
28063 fstat(3, {st_mode=S_IFREG|0644, st_size=59, ...}) = 0
28063 mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa319883000
28063 read(3, "issc-sysad...@umich.edu\n23098\n*C"..., 4096) = 59
28063 read(3, "", 4096)                 = 0
28063 open("/proc/sys/crypto/fips_enabled", O_RDONLY) = 4
28063 read(4, "1\n", 31)                = 2
28063 close(4)                          = 0
28063 write(1, "ERROR: crypt() returned null wit"..., 46) = 46
28063 exit_group(1)

Is there a workaround so we can run FreeSurfer FIPS-enabled systems?

Appreciate your consideration of this question,

-- bennet



On Thu, Mar 29, 2018 at 5:05 PM, Bennet Fauber <ben...@umich.edu> wrote:
> I have a couple of users here who are reporting that on machines with
> FIPS enabled, which in turn disables certain cryptographic functions,
> FreeSurfer core dumps with a call to the crypt() function, which FIPS
> disables.
>
> Someone speculated based on output from strace that this is FreeSurfer
> possibly attempting to validate its license.
>
> Is this a known problem?  Is there a solution?
>
> We have a university compliance office and possibly similar people
> from our local VA who are insisting that FIPS be enabled.
>
> If you need more information, please let me know and I will try to
> obtain it for you.
>
> Thanks,    -- bennet
_______________________________________________
Freesurfer mailing list
Freesurfer@nmr.mgh.harvard.edu
https://mail.nmr.mgh.harvard.edu/mailman/listinfo/freesurfer


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.

Reply via email to