Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
T
tails
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 944
    • Issues 944
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 11
    • Merge Requests 11
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • tails
  • tails
  • Issues
  • #8571

Closed
Open
Opened Jan 06, 2015 by anonym@anonymMaintainer

MAC spoofing failure doesn't result in panic mode (module removal)

Originally created by @anonym on #8571 (Redmine)

If MAC spoofing fails, we have specified that we’re supposed to enter into a panic mode were we do our best to prevent the device in question to talk to the network (and hence leak the real MAC address) by removing the module etc. However, if macchanger returns an error we will actually not do this. See this extract from config/chroot_local-includes/usr/local/sbin/tails-spoof-mac:

spoof_mac() {
    local msg
    if ! msg=$(macchanger -e "${1}" 2>&1); then
        log "macchanger failed for NIC ${1}, returned ${?} and said: ${msg}"
        exit 1
    fi
}

The problem in the above is exit 1, which prevents the panic mode code from ever running. What was actually intended was probably return 1, which indeed will fix this issue. However, let’s first look at the context in which spoof_mac() is called:

for i in 1 2 3; do
    spoof_mac "${NIC}" || :
    NEW_MAC="$(get_current_mac_of_nic "${NIC}")"
    if [ "${OLD_MAC}" != "${NEW_MAC}" ]; then
        break
    fi
done

So, we ignore any failure status returned from spoof_mac(). We actually probably want to immediately enter the panic mode if macchanger fails, for added fail-safeness.

Feature Branch: bugfix/8571-fix-mac-spoof-panic-mode

Related issues

  • Related to #8685 (closed)
  • Related to #9531 (closed)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
Tails_1.2.3
Milestone
Tails_1.2.3 (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: tails/tails#8571