MAC spoofing failure doesn't result in panic mode (module removal) (#8571) · Issues · tails / tails

MAC spoofing failure doesn't result in panic mode (module removal)

Originally created by @anonym on #8571 (Redmine)

If MAC spoofing fails, we have specified that we’re supposed to enter into a panic mode were we do our best to prevent the device in question to talk to the network (and hence leak the real MAC address) by removing the module etc. However, if macchanger returns an error we will actually not do this. See this extract from config/chroot_local-includes/usr/local/sbin/tails-spoof-mac:

spoof_mac() {
    local msg
    if ! msg=$(macchanger -e "${1}" 2>&1); then
        log "macchanger failed for NIC ${1}, returned ${?} and said: ${msg}"
        exit 1
    fi
}

The problem in the above is exit 1, which prevents the panic mode code from ever running. What was actually intended was probably return 1, which indeed will fix this issue. However, let’s first look at the context in which spoof_mac() is called:

for i in 1 2 3; do
    spoof_mac "${NIC}" || :
    NEW_MAC="$(get_current_mac_of_nic "${NIC}")"
    if [ "${OLD_MAC}" != "${NEW_MAC}" ]; then
        break
    fi
done

So, we ignore any failure status returned from spoof_mac(). We actually probably want to immediately enter the panic mode if macchanger fails, for added fail-safeness.

Feature Branch: bugfix/8571-fix-mac-spoof-panic-mode

Related issues

Related to #8685 (closed)
Related to #9531 (closed)

_Originally created by @anonym on [#8571 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8571)_

If MAC spoofing fails, we have specified that we’re supposed to enter
into a panic mode were we do our best to prevent the device in question
to talk to the network (and hence leak the real MAC address) by removing
the module etc. However, if `macchanger` returns an error we will
actually not do this. See this extract from
`config/chroot_local-includes/usr/local/sbin/tails-spoof-mac`:

spoof_mac() {
        local msg
        if ! msg=$(macchanger -e "${1}" 2>&1); then
            log "macchanger failed for NIC ${1}, returned ${?} and said: ${msg}"
            exit 1
        fi
    }

The problem in the above is `exit 1`, which prevents the panic mode code
from ever running. What was actually intended was probably `return 1`,
which indeed will fix this issue. However, let’s first look at the
context in which `spoof_mac()` is called:

for i in 1 2 3; do
        spoof_mac "${NIC}" || :
        NEW_MAC="$(get_current_mac_of_nic "${NIC}")"
        if [ "${OLD_MAC}" != "${NEW_MAC}" ]; then
            break
        fi
    done

So, we ignore any failure status returned from `spoof_mac()`. We
actually probably want to immediately enter the panic mode if
`macchanger` fails, for added fail-safeness.

Feature Branch: bugfix/8571-fix-mac-spoof-panic-mode

### Related issues

- **Related to** tails/tails#8685
  - **Related to** tails/tails#9531

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.