netns: provide pure entropy for net_hash_mix()
net_hash_mix() currently uses kernel address of a struct net, and is used in many places that could be used to reveal this address to a patient attacker, thus defeating KASLR, for the typical case (initial net namespace, &init_net is not dynamically allocated)

I believe the original implementation tried to avoid spending too many cycles in this function, but security comes first.

Also provide entropy regardless of CONFIG_NET_NS.

Fixes: 0b44191 ("netns: introduce the net_hash_mix "salt" for hashes")
Signed-off-by: Eric Dumazet <email@example.com>
Reported-by: Amit Klein <firstname.lastname@example.org>
Reported-by: Benny Pinkas <email@example.com>
Cc: Pavel Emelyanov <firstname.lastname@example.org>
Signed-off-by: David S. Miller <email@example.com>
Showing with 4 additions and 8 deletions.