Fail safe by entering panic mode if macchanger exits with an error.

If macchanger fails we have to treat the situation as undefined. We can't trust that get_current_mac_of_nic() returns the actual state of the hardware; perhaps it instead reports the driver's state that was successfully spoofed but not applied in the hardware?

Fail safe by entering panic mode if macchanger exits with an error.
If macchanger fails we have to treat the situation as undefined. We can't trust that get_current_mac_of_nic() returns the actual state of the hardware; perhaps it instead reports the driver's state that was successfully spoofed but not applied in the hardware?
9042c417 · Tails developers · 1b46b5b1 · 9042c417
Commit 9042c417 authored Jan 06, 2015 by Tails developers
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

config/chroot_local-includes/usr/local/sbin/tails-spoof-mac config/chroot_local-includes/usr/local/sbin/tails-spoof-mac +6 -1

No files found.
--- a/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
+++ b/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
@@ -95,7 +95,12 @@ OLD_MAC="$(get_current_mac_of_nic "${NIC}")"
 # real MAC address at each occasion but actually leaking the real MAC
 # address will be more serious in practice.
 for i in 1 2 3; do
-    spoof_mac "${NIC}" || :
+    if ! spoof_mac "${NIC}"; then
+        # If our MAC spoofing primitive fails, we fail safe by forcing
+        # us to enter into panic mode.
+        unset NEW_MAC
+        break
+    fi
    NEW_MAC="$(get_current_mac_of_nic "${NIC}")"
    if [ "${OLD_MAC}" != "${NEW_MAC}" ]; then
        break