From: Eric Biggers <ebiggers@kernel.org>
To: Demi Marie Obenour <demiobenour@gmail.com>
Cc: oss-security@lists.openwall.com,
Jan Schaumann <jschauma@netmeister.org>,
iwd@lists.linux.dev
Subject: Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Date: Sat, 2 May 2026 03:54:02 +0000 [thread overview]
Message-ID: <20260502035402.GB3872267@google.com> (raw)
In-Reply-To: <20260502033556.GA3872267@google.com>
On Sat, May 02, 2026 at 03:35:58AM +0000, Eric Biggers wrote:
> So the idea would be something along the lines of:
And just to make sure no one gets the wrong impression: just because
there seem to be ways in which the attack surface of AF_ALG could/should
be reduced doesn't mean that userspace should keep using it (or even
worse, start to use it). Fixing programs like iwd needs to proceed
concurrently, so that eventually (some years down the line) the problem
can finally be fully solved by removing AF_ALG from the kernel source.
- Eric
next prev parent reply other threads:[~2026-05-02 3:54 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <afJorKIje4O6dXbH@netmeister.org>
[not found] ` <d6111caa-db61-498a-92cb-ea7a0aa0a5e2@ehuk.net>
[not found] ` <87se8dgicq.fsf@gentoo.org>
[not found] ` <afL-QhLfEKqHZqka@eldamar.lan>
[not found] ` <20260430071917.GB54208@sol>
[not found] ` <177abb5d-8ba9-4bb9-8b23-9fbc868ed3cd@gmail.com>
[not found] ` <20260501180028.GA2260@sol>
2026-05-01 19:24 ` [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
2026-05-01 20:18 ` Eric Biggers
2026-05-02 0:21 ` Demi Marie Obenour
2026-05-02 3:35 ` Eric Biggers
2026-05-02 3:54 ` Eric Biggers [this message]
2026-05-02 6:39 ` Demi Marie Obenour
2026-05-02 4:52 ` AF_ALG hardening Demi Marie Obenour
2026-05-02 8:19 ` Simon Richter
2026-05-02 20:42 ` Demi Marie Obenour
2026-05-02 19:16 ` Eric Biggers
2026-05-04 19:01 ` Simon Richter
2026-05-04 19:54 ` Eric Biggers
2026-05-04 5:57 ` [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Milan Broz
2026-05-04 6:13 ` Demi Marie Obenour
2026-05-04 6:43 ` Eric Biggers
2026-05-04 7:14 ` Milan Broz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260502035402.GB3872267@google.com \
--to=ebiggers@kernel.org \
--cc=demiobenour@gmail.com \
--cc=iwd@lists.linux.dev \
--cc=jschauma@netmeister.org \
--cc=oss-security@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox