crypt module fails to import in FIPS mode #95231
Comments
|
Tried to fix it here: #94742 |
tiran
changed the title
import crypto fails in kernel fips enabled machines
|
I have updated ticket to use the correct module name |
hugovk
added
stdlib
tiran
added
3.11
miss-islington
pushed a commit
that referenced
this issue
Aug 15, 2022
If kernel fips is enabled, we get permission error upon doing
`import crypt`. So, if kernel fips is enabled, disable the
unallowed hashing methods.
Python 3.9.1 (default, May 10 2022, 11:36:26)
[GCC 10.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.9/crypt.py", line 117, in <module>
_add_method('MD5', '1', 8, 34)
File "/usr/lib/python3.9/crypt.py", line 94, in _add_method
result = crypt('', salt)
File "/usr/lib/python3.9/crypt.py", line 82, in crypt
return _crypt.crypt(word, salt)
PermissionError: [Errno 1] Operation not permitted
Signed-off-by: Shreenidhi Shedi <[email protected]>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Aug 15, 2022
…nGH-94742) If kernel fips is enabled, we get permission error upon doing `import crypt`. So, if kernel fips is enabled, disable the unallowed hashing methods. Python 3.9.1 (default, May 10 2022, 11:36:26) [GCC 10.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import crypt Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.9/crypt.py", line 117, in <module> _add_method('MD5', '1', 8, 34) File "/usr/lib/python3.9/crypt.py", line 94, in _add_method result = crypt('', salt) File "/usr/lib/python3.9/crypt.py", line 82, in crypt return _crypt.crypt(word, salt) PermissionError: [Errno 1] Operation not permitted Signed-off-by: Shreenidhi Shedi <[email protected]> (cherry picked from commit 2fa03b1) Co-authored-by: Shreenidhi Shedi <[email protected]>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Aug 15, 2022
…nGH-94742) If kernel fips is enabled, we get permission error upon doing `import crypt`. So, if kernel fips is enabled, disable the unallowed hashing methods. Python 3.9.1 (default, May 10 2022, 11:36:26) [GCC 10.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import crypt Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.9/crypt.py", line 117, in <module> _add_method('MD5', '1', 8, 34) File "/usr/lib/python3.9/crypt.py", line 94, in _add_method result = crypt('', salt) File "/usr/lib/python3.9/crypt.py", line 82, in crypt return _crypt.crypt(word, salt) PermissionError: [Errno 1] Operation not permitted Signed-off-by: Shreenidhi Shedi <[email protected]> (cherry picked from commit 2fa03b1) Co-authored-by: Shreenidhi Shedi <[email protected]>
miss-islington
added a commit
that referenced
this issue
Aug 15, 2022
If kernel fips is enabled, we get permission error upon doing
`import crypt`. So, if kernel fips is enabled, disable the
unallowed hashing methods.
Python 3.9.1 (default, May 10 2022, 11:36:26)
[GCC 10.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.9/crypt.py", line 117, in <module>
_add_method('MD5', '1', 8, 34)
File "/usr/lib/python3.9/crypt.py", line 94, in _add_method
result = crypt('', salt)
File "/usr/lib/python3.9/crypt.py", line 82, in crypt
return _crypt.crypt(word, salt)
PermissionError: [Errno 1] Operation not permitted
Signed-off-by: Shreenidhi Shedi <[email protected]>
(cherry picked from commit 2fa03b1)
Co-authored-by: Shreenidhi Shedi <[email protected]>
|
Resolved by:
Thanks for the PR, Shreenidhi! |
miss-islington
added a commit
that referenced
this issue
Aug 30, 2022
If kernel fips is enabled, we get permission error upon doing
`import crypt`. So, if kernel fips is enabled, disable the
unallowed hashing methods.
Python 3.9.1 (default, May 10 2022, 11:36:26)
[GCC 10.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.9/crypt.py", line 117, in <module>
_add_method('MD5', '1', 8, 34)
File "/usr/lib/python3.9/crypt.py", line 94, in _add_method
result = crypt('', salt)
File "/usr/lib/python3.9/crypt.py", line 82, in crypt
return _crypt.crypt(word, salt)
PermissionError: [Errno 1] Operation not permitted
Signed-off-by: Shreenidhi Shedi <[email protected]>
(cherry picked from commit 2fa03b1)
Co-authored-by: Shreenidhi Shedi <[email protected]>
|
@erlend-aasland Given this is a security issue, surely this change should be added to 3.7 to 3.9? |
I don't think so. IMO, it is not a security issue; it is just a matter of failing gracefully instead of raising a (possibly) confusing exception. |
|
Hi everyone, any chance of backport it to 3.9 too?? |
Unfortunately not; see #95231 (comment) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
If kernel fips is enabled, we get permission error upon doing
import crypt.Your environment
VMware Photon OS 4.0
x86_64 machine
Python-3.9.1
Kernel fips is enabled
The text was updated successfully, but these errors were encountered: