On 08/10/15 21:47, Tom Gundersen wrote:
> On Mon, Sep 7, 2015 at 7:49 PM, Lubomir Rintel <lkund...@v3.sk> wrote:
>> This sounds a bit like machine-id, unfortunately given it's world
>> readable and available via DBus (and possibly on a network?) it
>> doesn't seem to be secret enough.

For context, the D-Bus machine ID (on which the systemd machine ID was based) was intended to be used somewhat like the hostname, except with the expectation that it is actually unique (unlike hostnames, which are user-meaningful and therefore somewhat likely to collide). For instance, GNOME's displays control panel stores a separate monitor layout per machine ID, so that each machine has its appropriate monitor layout even if they NFS-share a home directory.

Like a hostname, the machine ID is not really meant to be secret; for instance, I think it would be OK to use the machine ID as a fallback hostname, which could result in it being sent over the network in DHCP or mDNS packets.

> A priori, it would perhaps have been nice to consider the real
> machine-id on disk to be "secret", and only ever expose a hash of it

How secret is "secret" here? Readable by root only? Readable by root and system users? Readable by all local users? If a system component like systemd (or D-Bus for that matter) is going to provide this as a "system API", then it needs to be well-defined.

From the D-Bus point of view, in new installations it seems fine to use the hash of a random secret as a basis for the world-readable machine ID. However, in existing installations that are upgraded, the old machine ID should always be preserved.

    S

--
Simon McVittie
Collabora Ltd. <http://www.collabora.com/>
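
The scheme discussed in the message above, as an added example that is not part of the original post and is not D-Bus or systemd code: a new installation gets an owner-only random secret and a world-readable ID derived from its hash, while an upgraded installation keeps the ID it already has. The `machine-secret` file name, the `machine-id:` prefix and the choice of truncated SHA-256 are assumptions made for the illustration, and the directory is passed in so the code can be run against a scratch directory.

```python
import hashlib
import os
import secrets
from pathlib import Path

PUBLIC_NAME = "machine-id"      # world-readable ID, 32 hex characters
SECRET_NAME = "machine-secret"  # hypothetical name for the secret file


def derive_public_id(secret: bytes) -> str:
    """Hash the secret and truncate to the 128-bit, 32-hex-digit ID format.

    The "machine-id:" prefix is an assumed domain-separation label, so the
    same secret could later feed other derived values without collisions.
    """
    return hashlib.sha256(b"machine-id:" + secret).hexdigest()[:32]


def ensure_machine_id(etc: Path) -> str:
    """Return the public machine ID, creating secret and ID only if absent."""
    public = etc / PUBLIC_NAME
    if public.exists():
        existing = public.read_text().strip()
        if existing:
            # Upgrade path: an established ID is preserved, never re-derived.
            return existing
    secret_path = etc / SECRET_NAME
    if secret_path.exists():
        secret = secret_path.read_bytes()
    else:
        secret = secrets.token_bytes(32)
        # O_EXCL refuses to follow a pre-created file; 0600 keeps it owner-only.
        fd = os.open(secret_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(secret)
    new_id = derive_public_id(secret)
    public.write_text(new_id + "\n")
    os.chmod(public, 0o644)  # the derived ID is public by design
    return new_id
```

Whether "owner-only" is the right answer to the "how secret is secret" question in the message is exactly the policy choice the message says must be defined; the mode here is one possible answer.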