Bug#943716: systemd: generates a directory name with the /etc/machine-id value, which is confidential

Michael Biebl biebl at debian.org
Mon Oct 28 22:22:54 GMT 2019


Control: tags -1 + moreinfo

On 28.10.19 at 15:23, Vincent Lefevre wrote:
> Package: systemd
> Version: 242-7
> Severity: important
> Tags: security
> 
> systemd generates a directory name under /var/log/journal with
> the /etc/machine-id value, which is confidential according to
> the machine-id(5) man page:
> 
>   This ID uniquely identifies the host. It should be considered
>   "confidential", and must not be exposed in untrusted environments, in
>   particular on the network. If a stable unique identifier that is tied
>   to the machine is needed for some application, the machine ID or any
>   part of it must not be used directly. Instead the machine ID should be
>   hashed with a cryptographic, keyed hash function, using a fixed,
>   application-specific key. That way the ID will be properly unique, and
>   derived in a constant way from the machine ID but there will be no way
>   to retrieve the original machine ID from the application-specific one.
>   The sd_id128_get_machine_app_specific(3) API provides an implementation
>   of such an algorithm.
> 
> This directory name is not directly exposed on the network, but most
> users do not know where it comes from and that it is confidential,
> so that it may end up on the net, e.g. in debugging exchanges and
> when asking for help. An example:
> 
>   https://forum.ubuntu-fr.org/viewtopic.php?pid=21992288#p21992288
> 
> As a consequence, the machine-id is also present in journalctl output,
> which may also end up on the net.
> 
> BTW, the fact that this ID is available in a file, in particular
> world-readable, instead of an API to generate a hash, is a bad idea.

I don't see a problem with /etc/machine-id being world-readable, I don't
see a problem either with the journal directory containing the
machine-id. If someone posts the id to a forum, I don't consider this
problematic either.

The man page recommends not broadcasting the machine-id via the network
for the simple reason that this would easily allow the machine to be
tracked. This does not apply here.

Please elaborate what the actual problem is you are seeing.
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
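
The derivation described in the quoted machine-id(5) text, together with a scrubber for journal paths and log output before they are shared, as an added example that is not part of the original message or of systemd's code. It assumes HMAC-SHA256 as the keyed hash; the sample IDs and function names are constructed for illustration, and the output is not claimed to match sd_id128_get_machine_app_specific(3).

```python
import hashlib
import hmac
import re
import uuid

# Constructed sample values, not taken from any real host.
SAMPLE_MACHINE_ID = "0123456789abcdef0123456789abcdef"
SAMPLE_APP_KEY = "5a1c3e7f9b2d4c6e8f0a1b2c3d4e5f60"  # hypothetical fixed per-application key


def app_specific_id(machine_id_hex: str, app_key_hex: str) -> str:
    """Derive a stable per-application ID that does not reveal the machine ID.

    Assumption: HMAC-SHA256 keyed with the fixed application key over the
    machine ID, truncated to 128 bits and marked as a version-4 UUID.
    """
    machine = bytes.fromhex(machine_id_hex.strip())
    app_key = bytes.fromhex(app_key_hex.strip())
    if len(machine) != 16 or len(app_key) != 16:
        raise ValueError("both values must be 128 bits (32 hex digits)")
    if machine == bytes(16):
        raise ValueError("an all-zero machine ID is not valid")
    out = bytearray(hmac.new(app_key, machine, hashlib.sha256).digest()[:16])
    out[6] = (out[6] & 0x0F) | 0x40  # UUID version 4
    out[8] = (out[8] & 0x3F) | 0x80  # RFC 4122 variant
    return out.hex()


def redact_machine_id(text: str, machine_id_hex: str,
                      placeholder: str = "<machine-id>") -> str:
    """Replace the machine ID in text, in both plain and dashed UUID spellings."""
    plain = machine_id_hex.strip().lower()
    dashed = str(uuid.UUID(plain))  # raises ValueError on malformed input
    pattern = re.compile("|".join(re.escape(v) for v in (plain, dashed)),
                         re.IGNORECASE)
    return pattern.sub(placeholder, text)


if __name__ == "__main__":
    print(app_specific_id(SAMPLE_MACHINE_ID, SAMPLE_APP_KEY))
    listing = f"/var/log/journal/{SAMPLE_MACHINE_ID}/system.journal"
    print(redact_machine_id(listing, SAMPLE_MACHINE_ID))
```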
