Path: csiph.com!weretis.net!feeder8.news.weretis.net!news.samoylyk.net!gothmog.csi.it!bofh.it!news.nic.it!robomod
From: Chris Hofstaedtler <zeha@debian.org>
Newsgroups: linux.debian.bugs.dist,linux.debian.kernel
Subject: Bug#1135729: Consider disabling CONFIG_CRYPTO_USER_API_*
Date: Wed, 06 May 2026 13:40:02 +0200
Message-ID: <MRILE-30C8-7@gated-at.bofh.it>
References: <MRkgi-2K3J-5@gated-at.bofh.it> <MRkgi-2K3J-5@gated-at.bofh.it> <MRDVD-2Xrq-1@gated-at.bofh.it> <MRkgi-2K3J-5@gated-at.bofh.it> <MRDVD-2Xrq-1@gated-at.bofh.it>
X-Original-To: Salvatore Bonaccorso <carnil@debian.org>, 1135729@bugs.debian.org
X-Mailbox-Line: From debian-bugs-dist-request@lists.debian.org  Wed May  6 11:37:09 2026
Old-Return-Path: <debbugs@buxtehude.debian.org>
X-Spam-Flag: NO
X-Spam-Score: -1.699
Reply-To: Chris Hofstaedtler <zeha@debian.org>, 1135729@bugs.debian.org
Resent-To: debian-bugs-dist@lists.debian.org
Resent-Cc: debian-kernel@lists.debian.org
X-Debian-Pr-Message: followup 1135729
X-Debian-Pr-Package: src:linux
X-Debian-Pr-Keywords: moreinfo security
X-Debian-Pr-Source: linux
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-Debian-User: zeha
X-Debian-Message: from BTS
X-Mailing-List: <debian-bugs-dist@lists.debian.org> archive/latest/1968153
List-ID: <debian-bugs-dist.lists.debian.org>
List-URL: <https://lists.debian.org/debian-bugs-dist/>
Approved: robomod@news.nic.it
Lines: 31
Organization: linux.* mail to news gateway
Sender: robomod@news.nic.it
X-Original-Date: Wed, 6 May 2026 13:35:34 +0200
X-Original-Message-ID: <afsnhpQTcwvJjZj5@per.namespace.at>
X-Original-References: <afm2UWFkJ67RFhAE@per.namespace.at> <afm2UWFkJ67RFhAE@per.namespace.at> <afreIi7mPCEgE0Wh@eldamar.lan> <afm2UWFkJ67RFhAE@per.namespace.at> <afreIi7mPCEgE0Wh@eldamar.lan>
Xref: csiph.com linux.debian.bugs.dist:1292461 linux.debian.kernel:92328

Control: clone -1 -2
Control: reassign -2 src:util-linux
Control: retitle -2 util-linux: drop AF_ALG support
Control: forwarded -2 https://github.com/util-linux/util-linux/issues/4329

On Wed, May 06, 2026 at 08:22:26AM +0200, Salvatore Bonaccorso wrote:
> On Tue, May 05, 2026 at 11:20:17AM +0200, Chris Hofstädtler wrote:
> > people claim that the crypto API is a source of security issues when 
> > (mis-)used by user space. LWN commenters on the recent algif_aead 
> > issue have some more notes:
> > https://lwn.net/Articles/1070682/
[..]
> > So it appears there are some tradeoffs to be made. Please take a 
> > look and consider turning the crypto user api off.
> 
> That will be up for further discussion in the kernel-team meeting. I
> wonder if we already can do that. There was the following follup as
> well from Eric:
> https://www.openwall.com/lists/oss-security/2026/05/06/5

Thanks, that is indeed useful commentary.

> Will iwd still work if we disable i now?

Needs to be seen, I think.

For u-l I've asked upstream to drop the AF_ALG stuff, as it seems 
completely non-critical.

Best,
Chris