| Summary: | nss: Failing to use /dev/urandom as source of randomness in container environment | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | emaldona, kdudka, kengert, nss-nspr-maint, rrelyea, slawomir, tjay |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-05-25 10:20:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1329518 | ||
| Bug Blocks: | 1329519 | ||
|
Description
Adam Mariš
2016-04-22 07:10:29 UTC
Created nss tracking bugs for this issue: Affects: fedora-all [bug 1329518] I should point out that the upstream bug continues to use NSS semantics. NSS doesn't sielently fail, NSS falls back and seeds the random number generater with additional entropy. NSS does not run without entropy. The upstream bug was not that the additional entropy was flawed. It was that the way the entropy was generated used a deprecated function in fedora. This bug should either be closed are renamed. (the upstream bug is now closed). On Current RHEL and Fed docker, /dev/urandom is made available by default exactly as present on the host system so this is not an issue for containers there as it is for other distros. |