Re: nf_conntrack: Infoleak via CTA_ID and CTA_EXPECT_ID

From: Florian Westphal
Date: Fri Jun 30 2017 - 15:37:26 EST


Richard Weinberger <richard@xxxxxx> wrote:
> Hi!
>
> I noticed that nf_conntrack leaks kernel addresses, it uses the memory address
> as identifier used for generating conntrack and expect ids..
> Since these ids are also visible to unprivileged users via network namespaces
> I suggest reverting these commits:

Why not use a hash of the address?