From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752650AbdF3ThJ (ORCPT <rfc822;w@1wt.eu>);
        Fri, 30 Jun 2017 15:37:09 -0400
Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:47552 "EHLO
        Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1752513AbdF3Tgx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 30 Jun 2017 15:36:53 -0400
Date: Fri, 30 Jun 2017 21:35:44 +0200
From: Florian Westphal <fw@strlen.de>
To: Richard Weinberger <richard@nod.at>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Pablo Neira Ayuso <pablo@netfilter.org>, fw@strlen.de,
        David Miller <davem@davemloft.net>, netfilter-devel@vger.kernel.org,
        coreteam@netfilter.org,
        "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
        David Gstir <david@sigma-star.at>, kaber@trash.net,
        "keescook@chromium.org" <keescook@chromium.org>
Subject: Re: nf_conntrack: Infoleak via CTA_ID and CTA_EXPECT_ID
Message-ID: <20170630193544.GM9307@breakpoint.cc>
References: <c84e0301-2bb6-8932-2ed5-939340762159@nod.at>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <c84e0301-2bb6-8932-2ed5-939340762159@nod.at>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Richard Weinberger <richard@nod.at> wrote:
> Hi!
> 
> I noticed that nf_conntrack leaks kernel addresses, it uses the memory address
> as identifier used for generating conntrack and expect ids..
> Since these ids are also visible to unprivileged users via network namespaces
> I suggest reverting these commits:

Why not use a hash of the address?