<![CDATA[Creating a separate post so more people see this: the mitigation recommended by Theori.io for copy.fail *WILL NOT WORK* for any RHEL or RHEL-derived distro, including CentOS, Fedora, Oracle, and Alma as the vulnerable code is built-in.]]>Creating a separate post so more people see this: the mitigation recommended by Theori.io for copy.fail *WILL NOT WORK* for any RHEL or RHEL-derived distro, including CentOS, Fedora, Oracle, and Alma as the vulnerable code is built-in.

]]>https://board.circlewithadot.net/topic/324b468f-bd6b-46a2-89f6-c021afee3726/creating-a-separate-post-so-more-people-see-this-the-mitigation-recommended-by-theori.io-for-copy.fail-will-not-work-for-any-rhel-or-rhel-derived-distro-including-centos-fedora-oracle-and-alma-as-the-vulnerable-code-is-built-in.RSS for NodeFri, 01 May 2026 19:56:30 GMTWed, 29 Apr 2026 22:43:58 GMT60<![CDATA[Reply to Creating a separate post so more people see this: the mitigation recommended by Theori.io for copy.fail *WILL NOT WORK* for any RHEL or RHEL-derived distro, including CentOS, Fedora, Oracle, and Alma as the vulnerable code is built-in. on Fri, 01 May 2026 11:29:23 GMT]]>@idkrn Sure, RBAC too, subjects with connect/bind rules automatically apply restrictions on socket families (limited to AF_UNIX/AF_INET). Any use of other socket families above that requires explicit sock_allow_family rules, so would block the AF_ALG use.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/grsecurity/statuses/116499084982442637https://board.circlewithadot.net/post/https://infosec.exchange/users/grsecurity/statuses/116499084982442637Fri, 01 May 2026 11:29:23 GMT<![CDATA[Reply to Creating a separate post so more people see this: the mitigation recommended by Theori.io for copy.fail *WILL NOT WORK* for any RHEL or RHEL-derived distro, including CentOS, Fedora, Oracle, and Alma as the vulnerable code is built-in. on Thu, 30 Apr 2026 19:47:27 GMT]]>@grsecurity you said grsec can be vulnerable “only MODHARDEN has a chance.” What about rbac?

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/idkrn/statuses/116495381141407046https://board.circlewithadot.net/post/https://infosec.exchange/users/idkrn/statuses/116495381141407046Thu, 30 Apr 2026 19:47:27 GMT<![CDATA[Reply to Creating a separate post so more people see this: the mitigation recommended by Theori.io for copy.fail *WILL NOT WORK* for any RHEL or RHEL-derived distro, including CentOS, Fedora, Oracle, and Alma as the vulnerable code is built-in. on Thu, 30 Apr 2026 02:51:56 GMT]]>For RHEL/RHEL-derived configurations, this approach will work (the function name has been stable since 2015 and initcall_blacklist has been supported since 2014): https://news.ycombinator.com/item?id=47956504

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/grsecurity/statuses/116491387957052804https://board.circlewithadot.net/post/https://infosec.exchange/users/grsecurity/statuses/116491387957052804Thu, 30 Apr 2026 02:51:56 GMT<![CDATA[Reply to Creating a separate post so more people see this: the mitigation recommended by Theori.io for copy.fail *WILL NOT WORK* for any RHEL or RHEL-derived distro, including CentOS, Fedora, Oracle, and Alma as the vulnerable code is built-in. on Wed, 29 Apr 2026 22:44:42 GMT]]>For it to be effective at all, you would need to have CONFIG_CRYPTO_USER_API_AEAD=m. If it's =y, there is no module and the mitigation is a no-op. https://oracle.github.io/kconfigs/?config=CRYPTO_USER_API_AEAD&
shows the setting for common distros/versions, but it's most reliable to check your running kernel's config.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/grsecurity/statuses/116490415797976730https://board.circlewithadot.net/post/https://infosec.exchange/users/grsecurity/statuses/116490415797976730Wed, 29 Apr 2026 22:44:42 GMT