Bug#943716: systemd: generates a directory name with the /etc/machine-id value, which is confidential
Vincent Lefevre
vincent at vinc17.net
Tue Oct 29 01:25:50 GMT 2019
On 2019-10-28 23:22:54 +0100, Michael Biebl wrote:
> I don't see a problem with /etc/machine-id being word-readable, I don't
> see a problem either with the journal directory containing the
> machine-id. If someone posts the id to a forum, I don't consider this
> problematic either.
>
> The man pages recommends to not broadcast the machine-id via the network
> for the simple reason, as this would easily allow the machine to be
> tracked. This does not apply here.
No, this is not what the man page is saying. It just says that
is it confidential. So, for instance, someone could decide that
it is used for machine authentication. Thus a foreign machine
could steal the ID to access services it should not be allowed
to.
In any case, the man page says "must not be exposed in untrusted
environments, in particular on the network." And this part has
been broken.
Note also that the same paragraph recommends to use a hash as a
stable unique identifier. But since this is meant to be stable
and unique, this would also allow the machine to be tracked if
such a hash is exposed on the network. So the reason you give
is obviously wrong.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the Pkg-systemd-maintainers
mailing list