Date: Sat, 10 Jun 2017 09:00:53 +0200
From: HacKurx <hackurx@...il.com>
To: Matt Brown <matt@...tt.com>, Theodore Ts'o <tytso@....edu>, intrigeri <intrigeri@...m.org>
Cc: kernel-hardening@...ts.openwall.com
Subject: Re: Patch for random mac address

On 09/06/2017 at 15:11, Matt Brown wrote:
> On 5/25/17 11:48 AM, Theodore Ts'o wrote:
>> On Thu, May 25, 2017 at 09:31:15AM +0200, intrigeri wrote:
>>> HacKurx:
>>>> Because this would be useful for distributions like Tails, Subgraph
>>>> OS, Kali Linux and other ...
>>> For what it's worth, it's unlikely that Tails ever uses this unless it
>>> can be controlled at runtime from userspace: we need to give users an
>>> option to disable MAC address randomization, because it breaks network
>>> connectivity in some cases.
>> BTW, in case people aren't aware ---- you can set the MAC address from
>> userspace already:
>>
>> Package: macchanger
>
> Yeah I've used this program before. If you want it to always run at boot
> you can write a service script for your init system of choice and set it
> to run on start up.
>
> In what way does this patch protect you more than a start up script as
> described above?
>
> Matt

Because macchanger uses the kernel... It is loaded too late and increases
the risk that the MAC address does not change.
See: https://github.com/alobbs/macchanger/issues

Does your startup script depend on systemd? Which depends on udev and
recommends dbus ...

Is the permanent MAC address stored in the system logs (boot, ipv6,
firewall)? If a user uses journalctl under Ubuntu he could see this
without sudo ...

For me, randomizing the MAC in the kernel is the best method to do this.

Loic