[Whonix-devel] [Secure Desktops] Tails' MAC 'leak prevention' question
marmarek at invisiblethingslab.com
Thu Nov 26 03:18:12 CET 2015
On Wed, Nov 25, 2015 at 11:09:32PM +0000, Patrick Schleizer wrote:
> I understand Tails' MAC 'leak prevention'   as this... Without
> 'leak prevention', things would happen like this:
> 1) system boots
> 2) kernel module loaded
> 3) MAC leaked
> 4) macchanger started
> 5) MAC changed
> 6) NetworkManager started
> So the MAC leaked even before NetworkManager, before the the interface
> has been uped, before macchanger may have had a chance to change it.
Can someone point some reference for this? I think the network interface
send absolutely nothing when it isn't uped.
> Therefore Tails does as this:
> 1) system boots with kernel modules blacklisted
> 2) user makes decision [to spoof MAC]
> 3) MAC changed
> 4) kernel module loaded
> 5) NetworkManger started
> But if there hypothesis was true... They still have a small window
> between tails-unblock-network, service network-manager start and macchanger.
> Can the MAC be changed without having the kernel module loaded?
> - if yes -> great
> - if no -> then there would be room for MAC leaks like in a), right?
I think it's not. There is no network interface then, so nothing that
could passed to macchanger.
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 473 bytes
Desc: not available
More information about the Whonix-devel