Re: [PATCH] crypto: af_alg - Add af_alg_restrict sysctl, defaulting to 1
From: Demi Marie Obenour
Date: Tue Jun 30 2026 - 11:54:54 EST

On 6/28/26 23:11, Simon Richter wrote:
> Hi,
>
> On 6/29/26 3:54 AM, Eric Biggers wrote:
>
>> We could do that if it's what people want. Just keep in mind that it
>> would be much more complex than the single tristate sysctl. And in
>> practice the number of people who are knowledgeable enough to create
>> these lists is quite small; we've seen similar things with other "Crypto
>> API" configuration knobs that seem to never be touched in practice.
>
> I don't think finer grained control is necessary.
>
> The tristate is the best possible interface for the people running
> precompiled distribution kernels. Ideally, deactivating the restriction
> should also be disallowed in lockdown mode -- and this becomes a lot
> easier to subvert if the list of algorithms is runtime configurable.
>
> I think it is safe to assume that the people using AF_ALG with hardware
> crypto engines are building embedded systems with a custom kernel
> configuration, so the .config is probably the best place for the
> selection of algorithms that should remain available in restricted mode.
>
> Simon
I agree.

That said, if the crypto_rng support is to remain, should it have a
non-empty allowlist for privileged processes? Otherwise, it's dead code
with the default sysctl value.
--
Sincerely,
Demi Marie Obenour (she/her/hers)