From: HacKurx <hackurx@gmail.com>
To: Matt Brown <matt@nmatt.com>, Theodore Ts'o <tytso@mit.edu>,
	intrigeri <intrigeri@boum.org>
Cc: kernel-hardening@lists.openwall.com
Subject: Re: [kernel-hardening] Patch for random mac address
Date: Sat, 10 Jun 2017 09:00:53 +0200
Message-ID: <358ca0aa-e2fb-d451-48bf-1edcb2251fe4@gmail.com>
In-Reply-To: <0bbee9e4-78b5-c7d9-369f-2f2d9a480bf3@nmatt.com>

On 09/06/2017 at 15:11, Matt Brown wrote:

> On 5/25/17 11:48 AM, Theodore Ts'o wrote:
>> On Thu, May 25, 2017 at 09:31:15AM +0200, intrigeri wrote:
>>> HacKurx:
>>>> Because this would be useful for distributions like Tails, Subgraph
>>>> OS, Kali Linux and other ...
>>> For what it's worth, it's unlikely that Tails ever uses this unless it
>>> can be controlled at runtime from userspace: we need to give users an
>>> option to disable MAC address randomization, because it breaks network
>>> connectivity in some cases.
>> BTW, in case people aren't aware ---- you can set the MAC address from
>> userspace already:
>>
>> Package: macchanger
>
> Yeah I've used this program before. If you want it to always run at boot
> you can write a service script for your init system of choice and set it
> to run on start up.
>
> In what way does this patch protect you more than a start up script as
> described above?
>
> Matt

Because macchanger uses the kernel...
It is loaded too late and increases the risk that the MAC address does not change. See:
https://github.com/alobbs/macchanger/issues

Does your startup script depend on systemd? Which depends on udev and recommends dbus ...
Is the permanent MAC address stored in the system logs (boot, ipv6, firewall)?
If a user uses journalctl under Ubuntu he could see this without sudo ...

For me, randomizing the MAC in the kernel is the best method to do this.

Loic
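
Added example, not part of the original message or of the proposed patch: a small audit that checks log lines for the permanent MAC address, both as a literal and as the modified EUI-64 interface identifier that IPv6 autoconfiguration can derive from it, which covers the boot, ipv6 and firewall cases raised above. The MAC value (taken from the RFC 7042 documentation range), the log lines and the function names are constructed for illustration.

```python
import ipaddress
import re

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, Appendix A)."""
    octets = bytearray(int(part, 16) for part in re.split(r"[:-]", mac))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    octets[0] ^= 0x02  # invert the universal/local bit
    return int.from_bytes(octets[:3] + b"\xff\xfe" + octets[3:], "big")

def find_mac_exposures(lines, permanent_mac):
    """Return (line_number, kind) for each line exposing the permanent MAC."""
    mac = permanent_mac.lower().replace("-", ":")
    iid = eui64_interface_id(mac)
    hits = []
    for number, line in enumerate(lines, start=1):
        # Literal MAC, any case, ':' or '-' separated; a substring test also
        # catches the netfilter LOG "MAC=" field (dst + src + ethertype).
        if mac in line.lower().replace("-", ":"):
            hits.append((number, "mac"))
        # IPv6 addresses whose low 64 bits are the MAC-derived identifier.
        for token in re.findall(r"[0-9A-Fa-f:]+", line):
            if token.count(":") < 2:
                continue
            try:
                address = ipaddress.IPv6Address(token)
            except ValueError:
                continue  # timestamps, PCI ids, bare MACs
            if (int(address) & 0xFFFFFFFFFFFFFFFF) == iid:
                hits.append((number, "eui64"))
    return hits

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    "Jun 10 09:00:41 host kernel: e1000e 0000:00:19.0 eth0: (PCI Express:2.5GT/s:Width x1) 00:00:5e:00:53:2a",
    "Jun 10 09:00:44 host kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready",
    "Jun 10 09:00:47 host avahi-daemon[612]: Registering new address record for fe80::200:5eff:fe00:532a on eth0.*.",
    "Jun 10 09:01:02 host kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:2a:52:54:00:aa:bb:cc:08:00 SRC=192.0.2.10 DST=192.0.2.20",
    "Jun 10 09:01:05 host NetworkManager[701]: device (eth0): set-hw-addr: set MAC address to 5E:1C:9A:07:D2:4B",
]

if __name__ == "__main__":
    for number, kind in find_mac_exposures(SAMPLE_LOG, "00:00:5E:00:53:2A"):
        print(f"line {number}: permanent MAC exposed as {kind}")
```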
