On 6/28/26 23:11, Simon Richter wrote:
> Hi,
> 
> On 6/29/26 3:54 AM, Eric Biggers wrote:
> 
>> We could do that if it's what people want.  Just keep in mind that it
>> would be much more complex than the single tristate sysctl.  And in
>> practice the number of people who are knowledgeable enough to create
>> these lists is quite small; we've seen similar things with other "Crypto
>> API" configuration knobs that seem to never be touched in practice.
> 
> I don't think finer grained control is necessary.
> 
> The tristate is the best possible interface for the people running 
> precompiled distribution kernels. Ideally, deactivating the restriction 
> should also be disallowed in lockdown mode -- and this becomes a lot 
> easier to subvert if the list of algorithms is runtime configurable.
> 
> I think it is safe to assume that the people using AF_ALG with hardware 
> crypto engines are building embedded systems with a custom kernel 
> configuration, so the .config is probably the best place for the 
> selection of algorithms that should remain available in restricted mode.
> 
>     Simon

I agree.

That said, if the crypto_rng support is to remain, should it have a
non-empty allowlist for privileged processes?  Otherwise, it's dead code
with the default sysctl value.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

Attachment: OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature
