I added a bunch of (more) granular-level issues to
http://projects.theforeman.org/issues/3511 tracker.
Cheers,
-d
On Wed, Nov 22, 2017 at 2:13 PM, Dmitri Dolguikh
wrote:
> On Wed, Nov 22, 2017 at 9:33 AM, James Shewey wrote:
>
>> You may not be getting an ABRT because ruby was patched some tim
On Wed, Nov 22, 2017 at 9:33 AM, James Shewey wrote:
> You may not be getting an ABRT because ruby was patched some time ago to
> catch this ABRT and a handler was created to make this a non-fatal error
> (ruby used to just core dump - see https://bugzilla.redhat.com/
> show_bug.cgi?id=717709). I
On Tuesday, November 21, 2017 at 1:43:24 PM UTC-7, Dmitri Dolguikh wrote:
>
>
> I tried installing an abrt signal handler when I was preparing this note,
> but it never gets called, possibly due to openssl calling exit immediately
> after raising 'abrt' [1]. Similarly, rubygem-abrt isn't catchi
Do you have some examples how such an abort looks like with and without GDB?
with gdb + .gdbinit:
Program received signal SIGABRT, Aborted.
0x7fb45991e1f7 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig)
Thanks, so ABRT is raised when a FIPS-enabled library (e.g. openssl)
catches an attempt to use non-approved cipher.
Do you have some examples how such an abort looks like with and without GDB?
Why I am asking. Once we start supporting FIPS, I wonder how we are
gonna provide support for users and
On Mon, Nov 20, 2017 at 2:05 AM, Lukas Zapletal wrote:
> Perhaps - can you bit elaborate the GDB
> thing? Is this some kind of hook that use used for FIPS stack to
> report "mistakes" (e.g. signal or exception when you attempt to use
> md5 hash)? I wonder if there is a way to catch these without
Thanks for proposal. I have no comments on our findings, looks like a
good approach to the problem. Perhaps - can you bit elaborate the GDB
thing? Is this some kind of hook that use used for FIPS stack to
report "mistakes" (e.g. signal or exception when you attempt to use
md5 hash)? I wonder if the
> Given we are targeting Rails 5.1 for the SCL we are building and it's the
> newest, does anything change here with using it?
>
The approach stays the same, I think. My bet would be the problems stay the
same too (i.e. use of MD5 in caches).
> I have heard that the teams that work on those back
Awesome investigation, explanation and ideas on how we can stay compliant
once we reach that milestone. I have a few specific questions in-line:
On Thu, Nov 16, 2017 at 1:35 PM, Dmitri Dolguikh
wrote:
> What is FIPS?
> From Wikipedia [1]: The Federal Information Processing Standard (FIPS)
> Publ
What is FIPS?
>From Wikipedia [1]: The Federal Information Processing Standard (FIPS)
Publication 140-2, (FIPS PUB 140-2), is a U.S. government computer
security standard used to approve cryptographic modules. The title is
Security Requirements for Cryptographic Modules.
What are Implications of F
10 matches
Mail list logo