Linux 7.2 Proceeding To Deprecate AF_ALG Due To "Massive Attack Surface", Drops Offloading
([Linux Networking] 5 Hours Ago
AF_ALG)
- Reference: 0001637183
- News link: https://www.phoronix.com/news/Linux-AF-ALG-Deprecation
- Source link:
The Linux kernel's AF_ALG interface for user-space applications to directly access the Linux kernel's built-in cryptographic engine is proceeding with a quick deprecation cycle due to a "massive attack surface" with increased vulnerabilities coming to light due to AI/LLM-based tooling.
With the upcoming Linux 7.2 kernel, AF_ALG is being deprecated in full. Eric Biggers explains in [1]a patch queued to the kernel's cryptographic subsystem "cryptodev" tree:
"AF_ALG is almost completely unnecessary, and it exposes a massive attack surface that hasn't been standing up to modern vulnerability discovery tools. The latest one even has its own website, providing a small Python script that reliably roots most Linux distros: https://copy.fail/
This isn't sustainable, especially as LLMs have accelerated the rate the vulnerabilities are coming in. The effort that is being put into this thing is vastly disproportional to the few programs that actually use it, and those programs would be better served by userspace code anyway.
These issues have been noted in many mailing list discussions already. But until now they haven't been reflected in the documentation or kconfig menu itself, and the vulnerabilities are still coming in.
Let's go ahead and document the deprecation."
In addition to the deprecation, for Linux 7.2 AF_ALG will already be [2]seeing its zero-copy support removed due to the associated security concerns.
Additionally, as of this past week, [3]this patch is moving ahead and dropping off-CPU cryptography support from AF_ALG. Making use of hardware-accelerated offloading with crypto accelerators for AF_ALG has been deemed too dangerous and thus being removed already for Linux 7.2:
"AF_ALG is deprecated and exposed to unprivileged userspace. Only use the least buggy algorithm implementations: the pure software ones.
This removes one of the main advantages of AF_ALG, which is the ability to use it with off-CPU accelerators. However, using off-CPU accelerators has huge overheads, both in performance and attack surface. I have yet to see real-world, performance-critical workloads where using an accelerator via AF_ALG is actually a win over doing cryptography in userspace.
If using an off-CPU accelerator really does turn out to be a win, a new API should be developed that is actually a good fit for it."
The Linux 7.2 merge window should be kicking off in mid-June with many changes abound: both many new kernel features and also further dealing with the fallout from growing AI/LLM discoveries.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=a67afb1884ba815079bd43d5c998e155e03b08b6
[2] https://www.phoronix.com/news/Linux-AF-ALF-Zero-Copy-Security
[3] https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=7524070f26d8d347c26787dc297fb844baa26abf
With the upcoming Linux 7.2 kernel, AF_ALG is being deprecated in full. Eric Biggers explains in [1]a patch queued to the kernel's cryptographic subsystem "cryptodev" tree:
"AF_ALG is almost completely unnecessary, and it exposes a massive attack surface that hasn't been standing up to modern vulnerability discovery tools. The latest one even has its own website, providing a small Python script that reliably roots most Linux distros: https://copy.fail/
This isn't sustainable, especially as LLMs have accelerated the rate the vulnerabilities are coming in. The effort that is being put into this thing is vastly disproportional to the few programs that actually use it, and those programs would be better served by userspace code anyway.
These issues have been noted in many mailing list discussions already. But until now they haven't been reflected in the documentation or kconfig menu itself, and the vulnerabilities are still coming in.
Let's go ahead and document the deprecation."
In addition to the deprecation, for Linux 7.2 AF_ALG will already be [2]seeing its zero-copy support removed due to the associated security concerns.
Additionally, as of this past week, [3]this patch is moving ahead and dropping off-CPU cryptography support from AF_ALG. Making use of hardware-accelerated offloading with crypto accelerators for AF_ALG has been deemed too dangerous and thus being removed already for Linux 7.2:
"AF_ALG is deprecated and exposed to unprivileged userspace. Only use the least buggy algorithm implementations: the pure software ones.
This removes one of the main advantages of AF_ALG, which is the ability to use it with off-CPU accelerators. However, using off-CPU accelerators has huge overheads, both in performance and attack surface. I have yet to see real-world, performance-critical workloads where using an accelerator via AF_ALG is actually a win over doing cryptography in userspace.
If using an off-CPU accelerator really does turn out to be a win, a new API should be developed that is actually a good fit for it."
The Linux 7.2 merge window should be kicking off in mid-June with many changes abound: both many new kernel features and also further dealing with the fallout from growing AI/LLM discoveries.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=a67afb1884ba815079bd43d5c998e155e03b08b6
[2] https://www.phoronix.com/news/Linux-AF-ALF-Zero-Copy-Security
[3] https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=7524070f26d8d347c26787dc297fb844baa26abf