Re: [HACKERS] FIPS mode?
| От | Joe Conway |
|---|---|
| Тема | Re: [HACKERS] FIPS mode? |
| Дата | |
| Msg-id | 19f3b462-2883-92b8-8d82-87d6244e51bc@joeconway.com обсуждение исходный текст |
| Ответ на | Re: [HACKERS] FIPS mode? (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On 06/23/2017 10:51 PM, Tom Lane wrote: > Michael Paquier <michael.paquier@gmail.com> writes: >> On Sat, Jun 24, 2017 at 12:56 PM, Curtis Ruck >> <curtis.ruck+pgsql.hackers@gmail.com> wrote: >>> If I clean this up some, maintain styleguide, what is the likely hood of >>> getting this included in the redhat packages, since redhat ships a certified >>> FIPS implementation? > >> So they are applying a custom patch to it already? > > Don't believe so. It's been a few years since I was at Red Hat, but > my recollection is that their approach was that it was a system-wide > configuration choice changing libc's behavior, and there were only very > minor fixes required to PG's behavior, all of which got propagated > upstream (see, eg, commit 01824385a). It sounds like Curtis is trying > to enable FIPS mode inside Postgres within a system where it isn't enabled > globally, which according to my recollection has basically nothing to do > with complying with the actual federal security standard. Yes, see the PostgreSQL DISA STIG for a discussion with respect to that: https://www.crunchydata.com/postgres-stig/PGSQL-STIG-9.5+.pdf HTH, Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
В списке pgsql-hackers по дате отправления: