FIPS Operational Environment

From MozillaWiki
Jump to navigation Jump to search

Maintaining Software Integrity

Describe the checksum (.chk) files.

Configuring Discretionary Access Control

On Unix (including Linux and Mac OS X), discretionary access control can be configured by setting the file mode bits of the files. The file mode bits can be set when the files are created. After the files are created, the file mode bits can be changed with the chmod utility.

Below we describe how to specify the set of roles that can access each component of the NSS module.

Stored Cryptographic Software and Cryptographic Programs

When installing the NSS library files, the operator shall use the chmod utility to set the file mode bits of the NSS library files to 0755, making them readable, writable, and executable by the owner; and readable and executable by everyone. For example, 

 $ chmod 0755 libsoftokn3.so libfreebl3.so

In other words, all users can execute the stored cryptographic software, but only the files' owner can modify (i.e., write, replace, and delete) cryptographic programs. The file mode bits can be verified with the ls utility. For example, 

 $ ls -l libsoftokn3.so libfreebl3.so
 -rwxr-xr-x  1 wtchang wtchang  455411 Jun  8 17:07 libfreebl3.so
 -rwxr-xr-x  1 wtchang wtchang 1052734 Jun  8 17:07 libsoftokn3.so

Cryptographic Keys, CSPs, and Plaintext Data

The NSS module creates its database files with the 0600 permission bits, making them readable and writable by the owner only.

Audit Data

The operating system enforces that audit data can only be read or modified by the root user.

Entry of Cryptographic Keys and CSPs

N/A. NSS does not support manual entry of cryptographic keys and CSPs.

Retrieved from "https://wiki.mozilla.org/index.php?title=FIPS_Operational_Environment&oldid=27473"