Re: nf_conntrack: Infoleak via CTA_ID and CTA_EXPECT_ID

From: Florian Westphal
Date: Wed Jul 12 2017 - 18:21:15 EST

Next message: James Morris: "Re: [PATCH v2] xattr: Enable security.capability in user namespaces"
Previous message: Matthias Kaehlcke: "Re: [PATCH] Revert "x86/uaccess: Add stack frame output operand in get_user() inline asm""
In reply to: Richard Weinberger: "Re: nf_conntrack: Infoleak via CTA_ID and CTA_EXPECT_ID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Richard Weinberger <richard@xxxxxx> wrote:
> Am 01.07.2017 um 12:35 schrieb Florian Westphal:
> > The compare on removal is not needed afaics, and its also not used when
> > doing lookup to begin with, so we can just recompute it?
>
> Isn't this a way too much overhead?

I don't think so. This computation only occurs when we dump events
to userspace.

> I personally favor Pablo's per-cpu counter approach.
> That way the IDs are unique again and we get rid of the info leak without
> much effort.

I have not seen these patches so can't really comment.

Next message: James Morris: "Re: [PATCH v2] xattr: Enable security.capability in user namespaces"
Previous message: Matthias Kaehlcke: "Re: [PATCH] Revert "x86/uaccess: Add stack frame output operand in get_user() inline asm""
In reply to: Richard Weinberger: "Re: nf_conntrack: Infoleak via CTA_ID and CTA_EXPECT_ID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]