[Whonix-devel] [Secure Desktops] Tails' MAC 'leak prevention' question

Marek Marczykowski-Górecki marmarek at invisiblethingslab.com
Thu Nov 26 03:18:12 CET 2015


On Wed, Nov 25, 2015 at 11:09:32PM +0000, Patrick Schleizer wrote:
> I understand Tails' MAC 'leak prevention' [1] [2] as this... Without
> 'leak prevention', things would happen like this:
> 
> a)
> 
> 1) system boots
> 2) kernel module loaded
> 3) MAC leaked
> 4) macchanger started
> 5) MAC changed
> 6) NetworkManager started
> 
> So the MAC leaked even before NetworkManager, before the interface
> has been upped, before macchanger may have had a chance to change it.

Can someone point to a reference for this? I think the network interface
sends absolutely nothing when it isn't upped.

> Therefore Tails does as this:
> 
> b)
> 
> 1) system boots with kernel modules blacklisted
> 2) user makes decision [to spoof MAC]
> 3) MAC changed
> 4) kernel module loaded
> 5) NetworkManager started
> 
> But if their hypothesis was true... They still have a small window
> between tails-unblock-network, service network-manager start and macchanger.
> 
> Can the MAC be changed without having the kernel module loaded?
> - if yes -> great
> - if no -> then there would be room for MAC leaks like in a), right?

I think it's not. There is no network interface then, so nothing that
could be passed to macchanger.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
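
Added example, not part of the original message and not Tails or Whonix code: a check for the ordering discussed above, listing interfaces that are already administratively up while the kernel still reports the permanent hardware MAC. It assumes the Linux sysfs attributes `flags`, `addr_assign_type` and `address` under /sys/class/net; the function name `unspoofed_up_ifaces` is hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original thread).
# Prints "<iface> <mac>" for every interface that is administratively up
# while still using its permanent (factory) MAC address.
#
# Usage: unspoofed_up_ifaces [sysfs_net_dir]   (default: /sys/class/net)
#
# sysfs attributes used:
#   flags             hex interface flags; bit 0 (0x1) is IFF_UP
#   addr_assign_type  0 = permanent address, 3 = address set by userspace
#   address           current MAC address
unspoofed_up_ifaces() {
    netdir="${1:-/sys/class/net}"
    for dev in "$netdir"/*; do
        # Skip entries that are not interfaces (or an unmatched glob).
        [ -r "$dev/flags" ] && [ -r "$dev/addr_assign_type" ] || continue
        name=$(basename "$dev")
        # Loopback has no hardware address worth hiding.
        [ "$name" = "lo" ] && continue
        flags=$(cat "$dev/flags")
        assign=$(cat "$dev/addr_assign_type")
        # An interface that is down, or whose MAC was already replaced,
        # is not a concern for this check.
        if [ $(( $flags & 1 )) -eq 1 ] && [ "$assign" -eq 0 ]; then
            echo "$name $(cat "$dev/address")"
        fi
    done
}
```

Run early in boot (before NetworkManager starts), empty output means no interface is up with its factory address at that moment; it does not show what happened before the check ran.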