Bug #23054: Oracle Linux 8 agent segfaults on FIPS system - Rudder - Issue Tracker

Actions

Copy link

Bug #23054

closed

Oracle Linux 8 agent segfaults on FIPS system

Added by Nicolas CHARLES over 1 year ago. Updated 7 months ago.

Status:

Resolved

Priority:

N/A

Assignee:

Category:

Agent

Target version:

7.3.15

Pull Request:

Severity:

Critical - prevents main use of Rudder | no workaround | data loss | security

UX impact:

User visibility:

Effort required:

Priority:

Name check:

To do

Fix check:

To do

Regression:

Description

On Oracle Linux 8 on a FIPS system (STIG installation or something like that), the rudder agent fails with segfault during policy update
The same rules on an Oracle Linux 9 does not break the rudder agent

Update:

- the problem is that FIPS forbids MD5 and that CFEngine uses MD5 to create the node identifier (by key pinning)
- in Oracle 8 we use the system openssl while in Oracle 9 we embed one, so that's why there's a difference in observed behavior

- the workaround would be to also embed openssl in Oracle 8
- the correction is to make CFEngine able to use both MD5 (for compat and migration) and SHA2.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #23054

Oracle Linux 8 agent segfaults on FIPS system

Updated by Nicolas CHARLES over 1 year ago

Updated by Vincent MEMBRÉ over 1 year ago

Updated by François ARMAND over 1 year ago

Updated by Alexis Mousset over 1 year ago

Updated by Vincent MEMBRÉ about 1 year ago

Updated by Vincent MEMBRÉ about 1 year ago

Updated by Vincent MEMBRÉ about 1 year ago

Updated by Vincent MEMBRÉ about 1 year ago

Updated by Vincent MEMBRÉ 12 months ago

Updated by Vincent MEMBRÉ 10 months ago

Updated by Vincent MEMBRÉ 9 months ago

Updated by Vincent MEMBRÉ 9 months ago

Updated by Vincent MEMBRÉ 7 months ago

Updated by Alexis Mousset 7 months ago