1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00

udev: when random MACs are requested, generate them with genuine randomness

This is a security feature, and we thus shouldn't derive the random MACs
from a potentially guessable source. MAC addresses are after all facing
to the outside, and can be interacted with from untrusted environments.
Hence, let's generate them the same way as we generate UUIDs: from
getrandom() or /dev/urandom, and optionally with RDRAND if that's
supported.

RDRAND should be fine, since this is not cryptographic key material, but
ultimately public information. We just want to make sure conflicts are
not likely.

Previously we'd generate the MACs via rand(), which means given the
short seed they are a little bit too guessable, making collisions too
likely. See #14355 in particular.

Fixes: #14355

(Note that #14355 was already fixed by
a0f11d1d11, but I think we should do
better even, and not rely on rand() and uninitialized random pools)
This commit is contained in:
Lennart Poettering 2020-05-19 23:07:15 +02:00 committed by Zbigniew Jędrzejewski-Szmek
parent d08a6ec39c
commit 550c8784c5

View File

@ -328,7 +328,11 @@ static int get_mac(sd_device *device, MACAddressPolicy policy, struct ether_addr
if (want_random) {
log_device_debug(device, "Using random bytes to generate MAC");
random_bytes(mac->ether_addr_octet, ETH_ALEN);
/* We require genuine randomness here, since we want to make sure we won't collide with other
* systems booting up at the very same time. We do allow RDRAND however, since this is not
* cryptographic key material. */
genuine_random_bytes(mac->ether_addr_octet, ETH_ALEN, RANDOM_ALLOW_RDRAND);
} else {
uint64_t result;