Bug#1056653: Info received (Bug#1039566: Info received (Bug#1039566: "Uncaught exception" on crypto.getRandomValues(new Uint32Array(32))))

[Philipp Marek]

Ok, I seem to have it fixed locally.

One of the threads in FF ran with much more CPU load, even if no
activity was expected.

"gdb" on it showed lots of

    Thread 1 "Isolated Web Co" received signal SIGSYS, Bad system call.
    0x00007f5c4e636840 in __libc_open64 (file=file@entry=0x7f5c422af8b0 
"/proc/sys/crypto/fips_enabled", oflag=0) at 
../sysdeps/unix/sysv/linux/open64.c:41
    41      ../sysdeps/unix/sysv/linux/open64.c: Datei oder Verzeichnis 
nicht gefunden.
    (gdb) bt
    #0  0x00007f5c4e636840 in __libc_open64 
(file=file@entry=0x7f5c422af8b0 "/proc/sys/crypto/fips_enabled", 
oflag=0) at ../sysdeps/unix/sysv/linux/open64.c:41
    #1  0x00007f5c4e5bf5b2 in __GI__IO_file_open 
(fp=fp@entry=0x7f5c2fd44020, filename=filename@entry=0x7f5c422af8b0 
"/proc/sys/crypto/fips_enabled", posix_mode=<optimized out>, 
prot=prot@entry=438, read_write=8, is32not64=<optimized out>)
        at ./libio/fileops.c:188
    #2  0x00007f5c4e5bf76b in _IO_new_file_fopen 
(fp=fp@entry=0x7f5c2fd44020, filename=filename@entry=0x7f5c422af8b0 
"/proc/sys/crypto/fips_enabled", mode=<optimized out>, 
mode@entry=0x7f5c422b05b3 "r", is32not64=is32not64@entry=1)
        at ./libio/fileops.c:280
    #3  0x00007f5c4e5b2f69 in __fopen_internal (filename=0x7f5c422af8b0 
"/proc/sys/crypto/fips_enabled", mode=0x7f5c422b05b3 "r", is32=1) at 
./libio/iofopen.c:75
    #4  0x00007f5c421faec9 in SECMOD_GetSystemFIPSEnabled () at 
/usr/lib/firefox/libnss3.so
    #5  0x00007f5c421ec095 in SECMOD_CreateModuleEx () at 
/usr/lib/firefox/libnss3.so
    #6  0x00007f5c421ed9db in SECMOD_LoadModule () at 
/usr/lib/firefox/libnss3.so
    #7  0x00007f5c421b38ce in  () at /usr/lib/firefox/libnss3.so
    #8  0x00007f5c421b40b8 in NSS_NoDB_Init () at 
/usr/lib/firefox/libnss3.so
    #9  0x00007f5c46729610 in EnsureNSSInitializedChromeOrContent() () 
at ./security/manager/ssl/nsNSSComponent.cpp:203
    #10 0x00007f5c4672fce0 in 
mozilla::psm::Constructor<nsRandomGenerator, (nsresult 
(nsRandomGenerator::*)())0, (mozilla::psm::ProcessRestriction)1> 
(aResult=0x7ffc28fc6c18, aIID=...) at 
./security/manager/ssl/nsNSSModule.cpp:71

So this seems seccomp-related as well.


An earlier tip I received was "upgrade nss" -- and here are 
firefox-local nss libraries that wouldn't be affected by dpkg!

After installing libnss3=2:3.96.1-1 from unstable, doing

    /usr/lib/firefox$ mkdir UNUSED
    /usr/lib/firefox$ mv libnss3.so libnssutil3.so libssl3.so UNUSED/

and restarting firefox the crypto.getRandomValues() function now works 
as expected.


Perhaps firefox shouldn't ship its own nss libraries?!!