Date: Sat, 10 Jun 2017 09:00:53 +0200
From: HacKurx <hackurx@...il.com>
To: Matt Brown <matt@...tt.com>, Theodore Ts'o <tytso@....edu>,
 intrigeri <intrigeri@...m.org>
Cc: kernel-hardening@...ts.openwall.com
Subject: Re: Patch for random mac address

On 09/06/2017 at 15:11, Matt Brown wrote:

> On 5/25/17 11:48 AM, Theodore Ts'o wrote:
>> On Thu, May 25, 2017 at 09:31:15AM +0200, intrigeri wrote:
>>> HacKurx:
>>>> Because this would be useful for distributions like Tails, Subgraph
>>>> OS, Kali Linux and other ...
>>> For what it's worth, it's unlikely that Tails ever uses this unless it
>>> can be controlled at runtime from userspace: we need to give users an
>>> option to disable MAC address randomization, because it breaks network
>>> connectivity in some cases.
>> BTW, in case people aren't aware ---- you can set the MAC address from
>> userspace already:
>>
>> Package: macchanger
>
> Yeah I've used this program before. If you want it to always run at boot
> you can write a service script for your init system of choice and set it
> to run on start up.
>
> In what way does this patch protect you more than a start up script as
> described above?
>
> Matt

Because macchanger uses the kernel...
It is loaded too late and increases the risk that the MAC address does not change. See:
https://github.com/alobbs/macchanger/issues

Does your startup script depend on systemd? Which depends on udev and recommends dbus ...
Is the permanent MAC address stored in the system logs (boot, ipv6, firewall)?
If a user uses journalctl under Ubuntu he could see this without sudo ...

For me, randomizing the MAC in the kernel is the best method to do this.

Loic
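
The question raised above, whether the permanent MAC address ends up in boot, IPv6 and firewall logs, can be checked on a saved log export. The following is an added example, not part of the original message: it scans log lines for the permanent address itself and for any IPv6 address whose interface identifier is the modified EUI-64 form of that address. The function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Runs of hex digits and colons: candidate IPv6 addresses (also matches
# timestamps and MACs, which fail IPv6 parsing below and are skipped).
TOKEN_RE = re.compile(r"[0-9A-Fa-f:]{3,}")

def parse_mac(mac):
    """Return the six octets of a MAC written with ':' or '-' separators."""
    parts = re.split(r"[:-]", mac.strip())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", p) for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return [int(p, 16) for p in parts]

def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) as an int."""
    o = parse_mac(mac)
    o[0] ^= 0x02  # flip the universal/local bit
    return int.from_bytes(bytes(o[:3] + [0xFF, 0xFE] + o[3:]), "big")

def find_mac_leaks(lines, permanent_mac):
    """Return (line_number, kind) for each line exposing the permanent MAC."""
    needle = ":".join(f"{b:02x}" for b in parse_mac(permanent_mac))
    iid = eui64_interface_id(permanent_mac)
    hits = []
    for lineno, line in enumerate(lines, 1):
        # Substring match also covers netfilter-style MAC= fields, where
        # destination and source addresses are concatenated.
        if needle in line.lower().replace("-", ":"):
            hits.append((lineno, "mac"))
            continue
        for tok in TOKEN_RE.findall(line):
            try:
                addr = ipaddress.IPv6Address(tok)
            except ValueError:
                continue
            # Compare the low 64 bits, so any prefix and any '::' compression match.
            if (int(addr) & 0xFFFFFFFFFFFFFFFF) == iid:
                hits.append((lineno, "eui64"))
                break
    return hits

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    "Jun 10 09:00:01 host kernel: eth0: detected NIC, permanent address 00:11:22:33:44:55",
    "Jun 10 09:00:03 host kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready",
    "Jun 10 09:00:04 host avahi-daemon: Registering new address fe80::211:22ff:fe33:4455 on eth0",
    "Jun 10 09:00:09 host kernel: FW-DROP IN=eth0 MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.0.2.7",
    "Jun 10 09:01:00 host dhclient: bound to 192.0.2.10 after randomizing to 8a:3c:1f:00:be:ef",
]
```

IPv6 addresses generated with privacy extensions or stable-privacy identifiers do not embed the MAC, so only the EUI-64 form is detected here.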
