Re: nf_conntrack: Infoleak via CTA_ID and CTA_EXPECT_ID

From: Florian Westphal
Date: Fri Jun 30 2017 - 15:37:26 EST

Next message: Tahsin Erdogan: "Re: [PATCH v2] ext4: have ext4_xattr_set_handle() allocate journal credits"
Previous message: Gustavo A. R. Silva: "Re: [PATCH] sata_rcar: fix error return code in sata_rcar_probe()"
In reply to: Richard Weinberger: "nf_conntrack: Infoleak via CTA_ID and CTA_EXPECT_ID"
Next in thread: Richard Weinberger: "Re: nf_conntrack: Infoleak via CTA_ID and CTA_EXPECT_ID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Richard Weinberger <richard@xxxxxx> wrote:
> Hi!
>
> I noticed that nf_conntrack leaks kernel addresses, it uses the memory address
> as identifier used for generating conntrack and expect ids..
> Since these ids are also visible to unprivileged users via network namespaces
> I suggest reverting these commits:

Why not use a hash of the address?

Next message: Tahsin Erdogan: "Re: [PATCH v2] ext4: have ext4_xattr_set_handle() allocate journal credits"
Previous message: Gustavo A. R. Silva: "Re: [PATCH] sata_rcar: fix error return code in sata_rcar_probe()"
In reply to: Richard Weinberger: "nf_conntrack: Infoleak via CTA_ID and CTA_EXPECT_ID"
Next in thread: Richard Weinberger: "Re: nf_conntrack: Infoleak via CTA_ID and CTA_EXPECT_ID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]