mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
systemd/src
Lennart Poettering 550c8784c5 udev: when random MACs are requested, generate them with genuine randomness
This is a security feature, and we thus shouldn't derive the random MACs
from a potentially guessable source. MAC addresses are after all facing
to the outside, and can be interacted with from untrusted environments.
Hence, let's generate them the same way as we generate UUIDs: from
getrandom() or /dev/urandom, and optionally with RDRAND if that's
supported.

RDRAND should be fine, since this is not cryptographic key material, but
ultimately public information. We just want to make sure conflicts are
not likely.

Previously we'd generate the MACs via rand(), which means given the
short seed they are a little bit too guessable, making collisions too
likely. See #14355 in particular.

Fixes: #14355

(Note that #14355 was already fixed by
a0f11d1d11, but I think we should do
better even, and not rely on rand() and uninitialized random pools)
2020-05-20 08:25:18 +02:00
ac-power
activate util-lib: move things that parse ifnames to shared/ 2020-01-11 12:07:28 +01:00
analyze condition: add ConditionEnvironment= 2020-05-15 16:05:33 +02:00
ask-password
backlight
basic fs-util: teach unlinkat_deallocate() a simple scheme for overwriting for erasing 2020-05-19 17:27:13 +02:00
binfmt binfmt: also unregister binfmt entries from unit 2020-04-23 17:14:45 +02:00
boot tree-wide: fix spelling errors 2020-04-21 23:21:08 +02:00
busctl busctl: improve error messages on duplicate members/interfaces 2020-05-19 09:11:15 +02:00
cgls
cgroups-agent
cgtop
core core: allow overriding the system hostname with systemd.hostname= on the kernel command line 2020-05-18 20:20:50 +02:00
coredump journalctl,elsewhere: make sure --file=foo fails with sane error msg if foo is not readable 2020-05-19 15:26:51 +02:00
cryptsetup cryptsetup: fix minor indentation issue 2020-05-19 17:28:43 +02:00
debug-generator
delta
detect-virt
dissect dissect: add --fsck= option to systemd-dissect tool 2020-01-29 19:29:52 +01:00
environment-d-generator sd-path: rename the two functions 2020-03-27 20:12:44 +01:00
escape
firstboot tree-wide: port various bits over to locale_is_installed() 2020-05-07 17:24:22 +02:00
fsck
fstab-generator Merge pull request #15265 from fbuihuu/mount-fixes 2020-05-15 11:13:45 +02:00
fuzz ci: turn off FuzzBuzz 2020-03-30 14:57:22 +02:00
getty-generator
gpt-auto-generator units: introduce blockdev@.target for properly ordering mounts/swaps against cryptsetup 2020-01-21 20:23:13 +01:00
hibernate-resume Fix generator name in hibernate-resume-generator's drop-in 2020-02-04 14:49:04 +09:00
home Merge pull request #15794 from poettering/pam-sudo-fixes-part2 2020-05-19 10:09:14 +02:00
hostname hostnamed: call our destructor _destroy(), not _clear() 2020-05-18 21:12:37 +02:00
hwdb
id128 id128: change table header from "uuid" to just "id" 2020-01-29 15:32:26 +01:00
import tree-wide: Replace assert() by assert_se() when there is side effect 2020-05-10 09:23:12 +02:00
initctl tree-wide: use structured initialization at various places 2020-04-24 07:44:42 +02:00
journal journalctl,elsewhere: make sure --file=foo fails with sane error msg if foo is not readable 2020-05-19 15:26:51 +02:00
journal-remote journalctl,elsewhere: make sure --file=foo fails with sane error msg if foo is not readable 2020-05-19 15:26:51 +02:00
kernel-install Add meson build option to prevent building kernel-install 2020-04-14 20:22:32 +02:00
libsystemd Merge pull request #15804 from poettering/hostnamed-instant-part1 2020-05-18 15:26:24 +02:00
libsystemd-network sd-network: DHCPv6 - add support to send userclass option 2020-05-19 11:44:51 +02:00
libudev tree-wide: fix spelling errors 2020-04-21 23:21:08 +02:00
locale Merge pull request #15651 from poettering/newlocale-check 2020-05-08 11:31:34 +02:00
login pam_systemd/pam_systemd_home: rework how we cache user records 2020-05-12 17:38:32 +02:00
machine machine: switch to BusLocator-oriented helpers 2020-05-07 08:46:43 -07:00
machine-id-setup
modules-load
mount mount: switch to BusLocator-oriented helpers 2020-05-07 08:46:44 -07:00
network DHCP: Use UINT8_MAX instead of 255 2020-05-19 11:48:37 +02:00
notify Introduce sd_notify_barrier 2020-05-01 03:22:47 +05:30
nspawn tree-wide: add size limits for tmpfs mounts 2020-05-13 00:37:18 +02:00
nss-myhostname tree-wide: use "hostname" spelling everywhere 2020-04-21 16:58:04 +02:00
nss-mymachines nss-mymachines: switch to BusLocator-oriented helpers 2020-05-07 08:46:44 -07:00
nss-resolve nss-resolve: switch to BusLocator-oriented helpers 2020-05-07 08:46:44 -07:00
nss-systemd nss-systemd: don't synthesize root/nobody when iterating 2020-04-23 23:07:08 +02:00
partition Merge pull request #15836 from poettering/makefs-lock 2020-05-19 15:23:23 +02:00
path path: log at debug level when we can't query a variable 2020-03-27 20:12:45 +01:00
portable Merge pull request #15623 from poettering/cmsg-cleanup 2020-05-08 11:05:06 +02:00
pstore
quotacheck
random-seed random-seed: add missing header for GRND_NONBLOCK (#14988) 2020-03-02 14:48:21 +09:00
rc-local-generator
remount-fs
reply-password
resolve Merge pull request #15804 from poettering/hostnamed-instant-part1 2020-05-18 15:26:24 +02:00
rfkill
run run: switch to BusLocator-oriented helpers 2020-05-07 08:46:44 -07:00
run-generator
shared Merge pull request #15836 from poettering/makefs-lock 2020-05-19 15:23:23 +02:00
shutdown shutdown: fix spacing in shutdown error message 2020-05-05 10:23:47 +02:00
sleep sleep: automatically lock all home directories when suspending 2020-01-28 22:36:56 +01:00
socket-proxy socket-proxy: Support exit-on-idle 2020-05-06 13:58:57 +02:00
stdio-bridge
sulogin-shell
sysctl journalctl,elsewhere: make sure --file=foo fails with sane error msg if foo is not readable 2020-05-19 15:26:51 +02:00
system-update-generator
systemctl systemctl: Fix frozen state coloring 2020-05-19 19:35:36 +02:00
systemd sd-network: DHCPv6 - add support to send userclass option 2020-05-19 11:44:51 +02:00
sysusers Merge pull request #15718 from poettering/tmpfiles-offline 2020-05-08 11:22:19 +02:00
sysv-generator
test fs-util: teach unlinkat_deallocate() a simple scheme for overwriting for erasing 2020-05-19 17:27:13 +02:00
time-wait-sync
timedate timedate: switch to BusLocator-oriented helpers 2020-05-07 08:46:44 -07:00
timesync tree-wide: make sure our control buffers are properly aligned 2020-05-07 14:39:44 +02:00
tmpfiles Merge pull request #15718 from poettering/tmpfiles-offline 2020-05-08 11:22:19 +02:00
tty-ask-password-agent tree-wide: use the return value from sockaddr_un_set_path() 2020-03-02 15:55:44 +01:00
udev udev: when random MACs are requested, generate them with genuine randomness 2020-05-20 08:25:18 +02:00
update-done
update-utmp Remove unneeded {}s 2020-04-13 09:31:49 +02:00
user-sessions
userdb userdbctl: make --help fit in 80 columns 2020-04-28 09:56:24 +02:00
vconsole
veritysetup
version tree-wide: spellcheck using codespell 2020-04-16 18:00:40 +02:00
volatile-root tree-wide: add size limits for tmpfs mounts 2020-05-13 00:37:18 +02:00