_Originally created by @anonym on [#8571 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8571)_ If MAC spoofing fails, we have specified that we’re supposed to enter into a panic mode were we do our best to prevent the device in question to talk to the network (and hence leak the real MAC address) by removing the module etc. However, if `macchanger` returns an error we will actually not do this. See this extract from `config/chroot_local-includes/usr/local/sbin/tails-spoof-mac`: spoof_mac() { local msg if ! msg=$(macchanger -e "${1}" 2>&1); then log "macchanger failed for NIC ${1}, returned ${?} and said: ${msg}" exit 1 fi } The problem in the above is `exit 1`, which prevents the panic mode code from ever running. What was actually intended was probably `return 1`, which indeed will fix this issue. However, let’s first look at the context in which `spoof_mac()` is called: for i in 1 2 3; do spoof_mac "${NIC}" || : NEW_MAC="$(get_current_mac_of_nic "${NIC}")" if [ "${OLD_MAC}" != "${NEW_MAC}" ]; then break fi done So, we ignore any failure status returned from `spoof_mac()`. We actually probably want to immediately enter the panic mode if `macchanger` fails, for added fail-safeness. Feature Branch: bugfix/8571-fix-mac-spoof-panic-mode ### Related issues - **Related to** tails/tails#8685 - **Related to** tails/tails#9531