You should probably disable algif kernel module this second if you run linux.
Posted by a_beautiful_rhind@reddit | LocalLLaMA | View on Reddit | 40 comments
MerePotato@reddit
If the machine is on your local network and you're not executing random untrusted code this really isn't as dire as the title implies
MushroomSaute@reddit
Define "untrusted"
MerePotato@reddit
To me untrusted means new and either closed source or lacking sufficient time to be audited.
jlozier@reddit
It's a hell of a pivot to root if you manage to get access to the system via another exploit though
ForsookComparison@reddit
Update your kernel when your distro makes a patched version available but don't buy into the panic. For this to work they already need access to run whatever they want as a regular user and I'd argue everyone on this sub uses one user for all of their personal data and anything valuable/sensitive.
Kudos to you if your home-workstation/server security model would require this kind of attack to get pwn'd.
a_beautiful_rhind@reddit (OP)
It can get snuck into a python script from updates very easily. There was a malicious sillytavern plugin a day or so ago that stole API keys.
The module isn't really used for anything and I even used the exploit itself to do it without typing sudo.
ForsookComparison@reddit
If they have snuck a malicious payload onto your machine most regular users are already done for. The escalation doesn't grant them much for hobbyists at that point.
People with better security models (that take advantage of lower-privileged users) are the ones that should be spooked by this.
Also I suppose it's another container escape but there are many of those
MushroomSaute@reddit
Well, isn't that a bit circular? "If you've been hacked, you're done for, so don't bother mitigating" isn't exactly sound advice to "Look at this easy exploit, one that you may in all likelihood not have been affected by yet".
ForsookComparison@reddit
You knew what I meant but typed this out anyways. Why
MushroomSaute@reddit
If you meant what I just said, then I said it because your words did not mean the same thing.
As it were, you were arguing against taking precautions against the vulnerability before there was a patch, because it's either not a risk in your eyes, or according to your last comment, for that circular reasoning "you might have been hacked already, so don't bother mitigating". Either way, my conclusion is to mitigate the risk, not to ignore it.
Hyperus102@reddit
I think the point was that if someone gets into the position to exploit this, a regular user is already done for. As in, exploiting this does not lead to a notable advantage for the attacker.
At least that is how I am reading that comment.
MushroomSaute@reddit
All it takes is to run a program as a non-root user, by my understanding. So, everyone is in that position unless they've never installed software on their machine.
Caffdy@reddit
Amen, the other guy is ballin'
teleprint-me@reddit
What a willfully negligent way to think about this.
H3g3m0n@reddit
Plus if you ever use sudo they can just alias a simple python script that logs the password.
In some ways it might even be more secure to just disable the sudo password and allow autologin if you use the same password on more than one system.
It would mean the attacker wouldn't have to wait for the next time you manually run sudo, the trade-off is if you don't have to type a password it would mean the attackers don't get a password they can use elsewhere.
Of course if you ssh into those systems then they can also replace your ssh command (and/or steal your keys).
FullstackSensei@reddit
Which is why I avoid most python tools and rarely update the ones I can't avoid. Same goes for node. Never liked the exponential explosion of dependencies in either ecosystem when adding a handful of packages. People would rather add 50MB of dependencies rather than write 10 lines of code.
SpicyWangz@reddit
Yeah I’ve stopped wanting to update or install anything on Python in recent months. If I could ditch everything built on it I would.
Node is a lot harder to escape though.
ForsookComparison@reddit
nowadays most of those sketchy tools from Github can just be made on the spot using ~~Claude~~ Qwen3.6 anyhow
FullstackSensei@reddit
I understand what you mean, but I wouldn't call something like sillytavern or openwebui sketchy tools, nor things you could easily re-implement yourself without significant effort, even with the best models.
po_stulate@reddit
The exploit is like if a person is able to come to your place as a guest, then they can also come to your place as if they were you.
You wouldn't say that if they can come to your place as a guest they already have enough opportunities to do many malicious things so doesn't matter if they can come as if they were you as well.
MushroomSaute@reddit
I think I misunderstood you before I typed a different reply, but I would agree with this, and even expand it a bit more.
My best friends could enter my home as "me", knowing my passcodes, or having a key themselves, etc., and it would be fine because I trust them and their "programming". But, a stranger providing a service, performing an upgrade or repair, etc., would not be allowed to enter as "me" with those credentials, because I don't trust them to the same degree as the friends I know well - even mutual friends, people trusted by my good friends, would be at that lower level of trust. That doesn't mean that I'd never let them in, since I still want that service done, or since I want to get to know another person who could one day become a good friend. It means I just need to rely on other security layers until I know a new person well enough - those passcodes for my safe, or even a simple lock on a private door, if I'm there and can ensure they don't try to pick into it.
Some of those strangers will be doing things that I don't supervise the entire time, though, and that's largely the case for most processes on Linux. It's not like we're constantly looking at their memory access and function calls, and it's not like we've inspected every line of code, just like I'm not in the room making sure a painter isn't peeking into my closet.
So, if it comes out that my safe has a really easy bypass, I'm fixing it before I let anyone inside my home that I don't trust 100% without supervision. Likewise, if my OS/kernel has a really easy bypass to elevation, it would be prudent not to let any third-party software run if I don't know every line of code it has... or, more realistically, to mitigate, fix, or disable the insecure vector ASAP.
DangKilla@reddit
Stop exposing your OS. This is what containers are for.
glichez@reddit
containers are vulnerable too:
https://xint.io/blog/copy-fail-linux-distributions
DotJaded996@reddit
Bro has no idea containers share the host kernel lmao
DangKilla@reddit
Vibe coder has no idea that podman containers can use SELinux and prevent this.
DotJaded996@reddit
Uhh, I'm a network engineer. I have never used an LLM to generate code for me.
I use qubes and everything I run in production is isolated in separate domains, on isolated vlans.
i312i@reddit
Containers don't protect you either.
DangKilla@reddit
SELinux. Rootless podman.
Please take some time to do research.
i312i@reddit
That is one specific type of setup, you just said "container", so this is not some kinda gotcha moment bud.
DangKilla@reddit
I was replying to your response "containers don't protect you either" as someone who literally protects enterprises using containers.
i312i@reddit
You literally just said containers, if you said rootless podman + selinux, it would have been a true statement.
nmrk@reddit
Well it's a good thing I'm not using Linux, I'm using POSIX Certified UNIX: MacOS.
Betadoggo_@reddit
This isn't really a concern unless you have untrusted users and your security model is just not giving them root (always a bad idea).
natermer@reddit
People download and run stuff all the time. You don't need somebody actually logging into your system for this to work. Just running a malicious program will do it.
Original_Finding2212@reddit
Everyone has that.
AI coder agents..
a_beautiful_rhind@reddit (OP)
Any python script can run commands as root and even change your password. Go try it.
We use a lot of python things here, right?
ravage382@reddit
The problem isn't just users, but using it as step 2 in an exploit chain. Find a webapp that is configured poorly, find a way to break out of a kiosk mode on something. Whole bunch of ways to get a non root shell with enough work on a single host on a network and then you have a jump box for other attacks.
ttkciar@reddit
Quick and dirty recipe --
Was algif_aead built as a module?:
It was! So find the module:
.. and nuke it:
IngwiePhoenix@reddit
This is on Ubuntu. iirc, on Arch (like my CachyOS laptop) the 2nd command is `mkinitcpio -P`. Either way, blacklisting is safer.
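A check for the mitigation discussed in the comments above, as an added example that is not part of any comment in the thread: it classifies how `algif_aead` is provided (built in, loaded, loadable on demand, absent) and whether a modprobe `install` rule refuses it. The helper names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Paths are passed in so the logic runs on a constructed tree;
# on a real host they would be /lib/modules/$(uname -r)/modules.builtin,
# /lib/modules/$(uname -r)/modules.dep, /proc/modules and /etc/modprobe.d.

# module_state NAME BUILTIN_FILE DEP_FILE PROC_MODULES  (hypothetical helper)
module_state() {
  local name=$1 builtin=$2 dep=$3 loaded=$4
  if grep -Eqs "/${name}\.ko\$" "$builtin"; then
    echo builtin      # compiled into the kernel; a modprobe rule cannot remove it
  elif grep -Eqs "^${name} " "$loaded"; then
    echo loaded       # in memory right now; a rule only affects the next load
  elif grep -Eqs "/${name}\.ko(\.[a-z0-9]+)?:" "$dep"; then
    echo available    # on disk and loadable on demand
  else
    echo absent
  fi
}

# modprobe_blocked NAME DIR: true if an install rule makes modprobe refuse NAME.
# A plain "blacklist NAME" line is not counted: per modprobe.d(5) it only
# affects alias lookups, not a load by module name.
modprobe_blocked() {
  grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/(false|true)" "$2"/*.conf
}

report() {  # report NAME TREE
  local blocked=no
  if modprobe_blocked "$1" "$2/modprobe.d"; then blocked=yes; fi
  echo "state=$(module_state "$1" "$2/modules.builtin" "$2/modules.dep" "$2/proc_modules") blocked=$blocked"
}

# Constructed sample tree, not taken from a real host.
demo=$(mktemp -d)
mkdir -p "$demo/modprobe.d"
printf 'kernel/crypto/sha256_generic.ko\n' > "$demo/modules.builtin"
printf 'kernel/crypto/algif_aead.ko.zst: kernel/crypto/af_alg.ko.zst\n' > "$demo/modules.dep"
: > "$demo/proc_modules"
printf 'blacklist algif_aead\n' > "$demo/modprobe.d/algif.conf"
report algif_aead "$demo"     # blacklist line alone
printf 'install algif_aead /bin/false\n' >> "$demo/modprobe.d/algif.conf"
report algif_aead "$demo"     # with the install rule
```

A `builtin` result means no modprobe rule helps and only a patched kernel does; a `loaded` result means the module also has to be unloaded for the rule to matter before the next reboot.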
Clear-Ad-9312@reddit
running cachyOS, my kernel has been patched for a good minute now lol