Your message dated Tue, 29 Oct 2019 08:12:59 +0100
with message-id <[email protected]>
and subject line Re: Bug#943716: systemd: generates a directory name with the
/etc/machine-id value, which is confidential
has caused the Debian Bug report #943716,
regarding systemd: generates a directory name with the /etc/machine-id value,
which is confidential
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
943716: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943716
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd
Version: 242-7
Severity: important
Tags: security
systemd generates a directory name under /var/log/journal with
the /etc/machine-id value, which is confidential according to
the machine-id(5) man page:
This ID uniquely identifies the host. It should be considered
"confidential", and must not be exposed in untrusted environments, in
particular on the network. If a stable unique identifier that is tied
to the machine is needed for some application, the machine ID or any
part of it must not be used directly. Instead the machine ID should be
hashed with a cryptographic, keyed hash function, using a fixed,
application-specific key. That way the ID will be properly unique, and
derived in a constant way from the machine ID but there will be no way
to retrieve the original machine ID from the application-specific one.
The sd_id128_get_machine_app_specific(3) API provides an implementation
of such an algorithm.
This directory name is not directly exposed on the network, but most
users do not know where it comes from and that it is confidential,
so that it may end up on the net, e.g. in debugging exchanges and
when asking for help. An example:
https://forum.ubuntu-fr.org/viewtopic.php?pid=21992288#p21992288
As a consequence, the machine-id is also present in journalctl output,
which may also end up on the net.
BTW, the fact that this ID is available in a file, in particular
word-readable, instead of an API to generate a hash, is a bad idea.
-- Package-specific info:
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500,
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.3.0-1-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd depends on:
ii adduser 3.118
ii libacl1 2.2.53-5
ii libapparmor1 2.13.3-5+b1
ii libaudit1 1:2.8.5-2
ii libblkid1 2.34-0.1
ii libc6 2.29-2
ii libcap2 1:2.25-2
ii libcryptsetup12 2:2.2.1-1
ii libgcrypt20 1.8.5-3
ii libgnutls30 3.6.9-5
ii libgpg-error0 1.36-7
ii libidn2-0 2.2.0-2
ii libip4tc2 1.8.3-2
ii libkmod2 26-3
ii liblz4-1 1.9.1-2
ii liblzma5 5.2.4-1+b1
ii libmount1 2.34-0.1
ii libpam0g 1.3.1-5
ii libpcre2-8-0 10.32-5+b1
ii libseccomp2 2.4.1-2
ii libselinux1 2.9-2+b2
ii libsystemd0 242-7
ii mount 2.34-0.1
ii util-linux 2.34-0.1
Versions of packages systemd recommends:
ii dbus 1.12.16-2
ii libpam-systemd 242-7
Versions of packages systemd suggests:
ii policykit-1 0.105-26
pn systemd-container <none>
Versions of packages systemd is related to:
pn dracut <none>
ii initramfs-tools 0.135
ii udev 242-7
-- Configuration Files:
/etc/systemd/journald.conf changed:
[Journal]
Storage=persistent
/etc/systemd/system.conf changed:
[Manager]
DefaultTimeoutStopSec=20s
-- no debconf information
--- End Message ---
--- Begin Message ---
Am 29.10.2019 um 02:25 schrieb Vincent Lefevre:
> On 2019-10-28 23:22:54 +0100, Michael Biebl wrote:
>> I don't see a problem with /etc/machine-id being word-readable, I don't
>> see a problem either with the journal directory containing the
>> machine-id. If someone posts the id to a forum, I don't consider this
>> problematic either.
>>
>> The man pages recommends to not broadcast the machine-id via the network
>> for the simple reason, as this would easily allow the machine to be
>> tracked. This does not apply here.
>
> No, this is not what the man page is saying. It just says that
> is it confidential. So, for instance, someone could decide that
> it is used for machine authentication. Thus a foreign machine
> could steal the ID to access services it should not be allowed
> to.
You certainly should not use machine-id for authorization.
Somehow, because the man page uses overly cautious language you
interpret that as it being more then an identifier.
Anyway, I'm closing this bug report, as there is nothing to fix here,
certainly not on the Debian side via a Debian specific patch.
If you feel strongly about this which you seem to do, you should raise
this upstream. I won't forward this issue upstream, since I'm convinced
it is not an issue and so I can't argue about this with upstream.
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
--- End Message ---
