revisit handling of /var/lib/dbus/machine-id
Open, Normal, Public

Patrick created this task. Dec 24 2016, 7:02 PM

Would it cause any issues if the machine-id was just deleted or replaced with a bunch of 0s?

What would happen if the permissions for /etc/machine-id and /var/lib/dbus/machine-id were restricted to root only?

Would it be possible to do either of these?

> Would it cause any issues if the machine-id was just deleted or replaced with a bunch of 0s?

Could be.

> What would happen if the permissions for /etc/machine-id and /var/lib/dbus/machine-id were restricted to root only?

https://lists.ubuntu.com/archives/apparmor/2016-February/009371.html says it is used for various things so it might break some things.

> Would it be possible to do either of these?

Possible, yes. Since these files aren't owned by any packages it is easy to ship them.

> https://lists.ubuntu.com/archives/apparmor/2016-February/009371.html says it is used for various things so it might break some things.

Wouldn't using a fake machine-id e.g. a bunch of zeroes fix this? The programs are still able to use a machine-id and it isn't unique.

Patrick added a comment. Edited May 12 2019, 3:21 AM

madaidan (madaidan):

madaidan added a comment.

> https://lists.ubuntu.com/archives/apparmor/2016-February/009371.html says it is used for various things so it might break some things.
>
> Wouldn't using a fake machine-id e.g. a bunch of zeroes fix this?

Using something similar. Not using all zeros. A generated
/var/lib/dbus/machine-id which is shared among all Whonix users.

https://github.com/Whonix/anon-base-files/blob/master/var/lib/dbus/machine-id

I don't think using all zeros would be superior to a generated one. Pros
all zeros: more obvious to reviewer it's non-standard. Cons all zeros:
might fail a sanity test of some application? Pros generated: won't fail
any sanity test. Cons generated: not obvious to reviewer that it's
shared among all Whonix users.

All zero vs the current shared one probably makes no big difference.

The question that Tails asks in their issue tracker:

https://redmine.tails.boum.org/code/issues/7100

Modern GNU/Linux tools (D-Bus, systemd) rely more and more on /etc/machine-id and/or /var/lib/dbus/machine-id (depending on the OS, versions, etc.). In most situations we care about, if not all, this ID should not be leaked to the network. If it is, then:

  • if we set the same machine-id everywhere, then users are all in the same anonymity set; but this also leaks that they're using Tails
  • if we set unique machine-id on boot, then we don't leak that users are using Tails, and applications that rely on machine-id working on the LAN work; OTOH, if machine-id leaks on the Internet, then the fact that users are not in the same anonymity set can be a problem

We should first evaluate if/how machine-id can be leaked, and then think about this all, and decide something.

The way it is now looks fine. Why would it need to be changed?

Maybe there is no need. It's just when Tails has a ticket, we should
check it at Whonix too. Thank you for looking into this, too!
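
An added example, not part of the original thread or of Whonix's or Tails' code: a small shell audit that classifies a machine-id file as missing, malformed, all-zero, equal to a known shared value, or unique, and reports whether the /etc and D-Bus copies agree. The function names and the sample IDs are constructed for illustration; the real shared value would come from the distribution's own file.

```shell
#!/bin/sh
# Added example: classify machine-id files. All IDs here are constructed.
LC_ALL=C; export LC_ALL   # make [a-f] match lower-case only

# classify_machine_id FILE [SHARED_ID]
# prints: missing | malformed | all-zero | shared | unique
classify_machine_id() {
    [ -r "$1" ] || { echo missing; return 0; }
    id=$(head -n 1 "$1")
    # machine-id(5): 32 lower-case hexadecimal characters on one line
    case $id in
        ''|*[!0-9a-f]*) echo malformed; return 0 ;;
    esac
    [ "${#id}" -eq 32 ] || { echo malformed; return 0; }
    if [ "$id" = 00000000000000000000000000000000 ]; then
        # sd_id128_get_machine(3) documents an empty or all-zero ID as an error
        echo all-zero
    elif [ -n "${2:-}" ] && [ "$id" = "$2" ]; then
        echo shared
    else
        echo unique
    fi
}

# audit_machine_ids ETC_FILE DBUS_FILE [SHARED_ID]
# prints one summary line for the pair of files
audit_machine_ids() {
    etc=$(classify_machine_id "$1" "${3:-}")
    dbus=$(classify_machine_id "$2" "${3:-}")
    if [ "$etc" = missing ] || [ "$dbus" = missing ]; then
        copies=n/a
    elif [ "$(head -n 1 "$1")" = "$(head -n 1 "$2")" ]; then
        copies=same
    else
        copies=differ
    fi
    echo "etc=$etc dbus=$dbus copies=$copies"
}

# Demo on constructed files in a temporary directory
demo_dir=$(mktemp -d)
SHARED=0123456789abcdef0123456789abcdef   # constructed placeholder
echo "$SHARED" > "$demo_dir/etc-id"
echo 00000000000000000000000000000000 > "$demo_dir/dbus-id"
audit_machine_ids "$demo_dir/etc-id" "$demo_dir/dbus-id" "$SHARED"
rm -rf "$demo_dir"
```

On a live system the call would be `audit_machine_ids /etc/machine-id /var/lib/dbus/machine-id <shared-id>`.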