Re: [PATCH] crypto: af_alg - Add af_alg_restrict sysctl, defaulting to 1

From: Eric Biggers

Date: Tue Jun 23 2026 - 12:58:44 EST


On Tue, Jun 23, 2026 at 10:42:34AM +0200, Bastien Nocera wrote:
> Hello Eric,
>
> On Mon, 2026-06-22 at 16:48 -0700, Eric Biggers wrote:
> > AF_ALG is a frequent source of vulnerabilities and a maintenance
> > nightmare.  It exposes far more functionality to userspace than ever
> > should have been exposed, especially to unprivileged processes.  Recent
> > exploits have targeted kernel internal implementation details like
> > "authencesn" that have zero use case for userspace access.
>
> You should also CC: ell@xxxxxxxxxxxxxxx for AF_ALG related changes, as
> ell uses AF_ALG extensively for crypto and checksumming.
>
> Cheers

The known users of libell (iwd and bluez) are already taken into
account.

- Eric