[Whonix-devel] [Secure Desktops] Tails' MAC 'leak prevention' question
Marek Marczykowski-Górecki
marmarek at invisiblethingslab.com
Thu Nov 26 03:18:12 CET 2015
On Wed, Nov 25, 2015 at 11:09:32PM +0000, Patrick Schleizer wrote:
> I understand Tails' MAC 'leak prevention' [1] [2] as this... Without
> 'leak prevention', things would happen like this:
>
> a)
>
> 1) system boots
> 2) kernel module loaded
> 3) MAC leaked
> 4) macchanger started
> 5) MAC changed
> 6) NetworkManager started
>
> So the MAC leaked even before NetworkManager, before the interface
> has been uped, before macchanger may have had a chance to change it.
Can someone point to some reference for this? I think the network interface
sends absolutely nothing when it isn't uped.
> Therefore Tails does as this:
>
> b)
>
> 1) system boots with kernel modules blacklisted
> 2) user makes decision [to spoof MAC]
> 3) MAC changed
> 4) kernel module loaded
> 5) NetworkManager started
>
> But if their hypothesis was true... They still have a small window
> between tails-unblock-network, service network-manager start and macchanger.
>
> Can the MAC be changed without having the kernel module loaded?
> - if yes -> great
> - if no -> then there would be room for MAC leaks like in a), right?
I think it's not. There is no network interface then, so nothing that
could be passed to macchanger.
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
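
Added example, not part of the original message and not Tails or Whonix code: a pre-start check for the orderings discussed above, reading the Linux sysfs attributes `flags` (IFF_UP is bit 0) and `addr_assign_type` (3 means the address was set from userspace). The function names and the `SYSFS_NET` override are hypothetical, and the interface tree is constructed sample data.

```shell
#!/bin/sh
# Added example: classify a NIC's state from sysfs before NetworkManager starts.
# SYSFS_NET is overridable so the check can run against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Prints one of: absent | up | down-spoofed | down-unchanged
mac_state() {
    dir="$SYSFS_NET/$1"
    # Driver module not loaded -> no interface -> nothing to hand to macchanger.
    [ -d "$dir" ] || { echo absent; return 0; }
    flags=$(cat "$dir/flags")            # hex string, e.g. 0x1003
    # IFF_UP is bit 0 of the interface flags.
    if [ $(( $flags & 1 )) -eq 1 ]; then echo up; return 0; fi
    # addr_assign_type: 0 = permanent hardware address, 3 = set from userspace.
    case "$(cat "$dir/addr_assign_type")" in
        3) echo down-spoofed ;;
        *) echo down-unchanged ;;
    esac
}

# Gate for the window in ordering b): succeed only when the interface exists,
# is still down, and already carries a userspace-assigned MAC.
safe_to_start_nm() {
    [ "$(mac_state "$1")" = down-spoofed ]
}

# Build a constructed sysfs-like tree (sample data, not from a real host).
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/eth0" "$root/wlan0" "$root/eth1"
    echo 0x1002 > "$root/eth0/flags";  echo 0 > "$root/eth0/addr_assign_type"
    echo 0x1002 > "$root/wlan0/flags"; echo 3 > "$root/wlan0/addr_assign_type"
    echo 0x1003 > "$root/eth1/flags";  echo 0 > "$root/eth1/addr_assign_type"
    echo "$root"
}

# Demo on the constructed tree; remove these lines to check the real /sys.
SYSFS_NET=$(make_fixture)
for i in eth0 wlan0 eth1 wlan9; do
    echo "$i: $(mac_state "$i")"
done
```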