Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.kernel > #92328

Bug#1135729: Consider disabling CONFIG_CRYPTO_USER_API_*

From Chris Hofstaedtler <zeha@debian.org>
Newsgroups linux.debian.bugs.dist, linux.debian.kernel
Subject Bug#1135729: Consider disabling CONFIG_CRYPTO_USER_API_*
Date 2026-05-06 13:40 +0200
Message-ID <MRILE-30C8-7@gated-at.bofh.it> (permalink)
References <MRkgi-2K3J-5@gated-at.bofh.it> <MRkgi-2K3J-5@gated-at.bofh.it> <MRDVD-2Xrq-1@gated-at.bofh.it> <MRkgi-2K3J-5@gated-at.bofh.it> <MRDVD-2Xrq-1@gated-at.bofh.it>
Organization linux.* mail to news gateway

Cross-posted to 2 groups.

Show all headers | View raw

Control: clone -1 -2
Control: reassign -2 src:util-linux
Control: retitle -2 util-linux: drop AF_ALG support
Control: forwarded -2 https://github.com/util-linux/util-linux/issues/4329

On Wed, May 06, 2026 at 08:22:26AM +0200, Salvatore Bonaccorso wrote:
> On Tue, May 05, 2026 at 11:20:17AM +0200, Chris Hofstädtler wrote:
> > people claim that the crypto API is a source of security issues when 
> > (mis-)used by user space. LWN commenters on the recent algif_aead 
> > issue have some more notes:
> > https://lwn.net/Articles/1070682/
[..]
> > So it appears there are some tradeoffs to be made. Please take a 
> > look and consider turning the crypto user api off.
> 
> That will be up for further discussion in the kernel-team meeting. I
> wonder if we already can do that. There was the following follup as
> well from Eric:
> https://www.openwall.com/lists/oss-security/2026/05/06/5

Thanks, that is indeed useful commentary.

> Will iwd still work if we disable i now?

Needs to be seen, I think.

For u-l I've asked upstream to drop the AF_ALG stuff, as it seems 
completely non-critical.

Best,
Chris

Back to linux.debian.kernel | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Bug#1135729: Consider disabling CONFIG_CRYPTO_USER_API_* Chris Hofstädtler <zeha@debian.org> - 2026-05-05 11:30 +0200
  Bug#1135729: Consider disabling CONFIG_CRYPTO_USER_API_* Salvatore Bonaccorso <carnil@debian.org> - 2026-05-06 08:30 +0200
    Bug#1135729: Consider disabling CONFIG_CRYPTO_USER_API_* Chris Hofstaedtler <zeha@debian.org> - 2026-05-06 13:40 +0200
  Processed: Re: Bug#1135729: Consider disabling CONFIG_CRYPTO_USER_API_* "Debian Bug Tracking System" <owner@bugs.debian.org> - 2026-05-06 08:30 +0200
  Processed: Re: Bug#1135729: Consider disabling CONFIG_CRYPTO_USER_API_* "Debian Bug Tracking System" <owner@bugs.debian.org> - 2026-05-06 13:40 +0200
  Bug#1135729: marked as done (Consider disabling CONFIG_CRYPTO_USER_API_*) "Debian Bug Tracking System" <owner@bugs.debian.org> - 2026-05-07 11:10 +0200
  Re: Bug#1135729 closed by Debian FTP Masters  <ftpmaster@ftp-master.debian.org> (reply to Maytham Alsudany  <maytham@debian.org>) (Bug#1135729: fixed in docker-credential-gcr 2.1.32-1) Chris Hofstaedtler <zeha@debian.org> - 2026-05-07 12:00 +0200

csiph-web