From patchwork Fri May 26 07:55:37 2017
X-Patchwork-Submitter: HacKurx
X-Patchwork-Id: 9750497
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Delivered-To: mailing list kernel-hardening@lists.openwall.com
References: <85inkpie9o.fsf@boum.org> <1495724872.20270.46.camel@redhat.com> <8537bt9bvj.fsf@boum.org> <1495727974.20270.48.camel@redhat.com>
From: HacKurx
Date: Fri, 26 May 2017 09:55:37 +0200
To: Kees Cook
Cc: Rik van Riel, intrigeri, kernel-hardening@lists.openwall.com
Subject: Re: [kernel-hardening] Patch for random mac address

2017-05-25 19:28 GMT+02:00 Kees Cook:
> On Thu, May 25, 2017 at 8:59 AM, Rik van Riel wrote:
>> On Thu, 2017-05-25 at 17:47 +0200, intrigeri wrote:
>>> Rik van Riel:
>>> > That suggests maybe this kind of functionality should
>>> > be implemented in userspace, instead?
>>> > Maybe in NetworkManager, […]
>>>
>>> It's already implemented in NetworkManager :)
>>
>> So this kernel patch does not solve any problem,
>> because the solution has already been implemented
>> in userspace?
>
> It makes sure you can never not randomize the MAC

You have perfectly understood.

> BTW, the proposed patch is slightly wrong: it still allows userspace
> to change the MAC address.

This is not the most important thing, because it is already another MAC address, since this patch randomizes the MAC whenever the interface is brought up.

> The ifdef with the return 0 should be moved
> up (and "return 0" seems like a bit of a lie: maybe -EINVAL or
> -ENOTSUPPORTED?).

-EINVAL seems to be a good idea; I will use it to never reveal the permanent MAC address.

> How about sending a v2 with that fixed, inline, etc.

Agreed with the V2. I'm not a developer, what do you mean by inline? Send it by git? If someone can make it grow in my place, I will pay him a beer ^^

Thank you all.

Best regards,
HacKurx (Loic)

diff --git a/net/core/dev.c b/net/core/dev.c index fca407b..3eeb42b 100644 --- a/net/core/dev.c +++ b/net/core/dev.c
@@ -6669,6 +6669,26 @@ int dev_change_flags(struct net_device *dev, unsigned int flags) changes = (old_flags ^ dev->flags) | (old_gflags ^ dev->gflags); __dev_notify_flags(dev, old_flags, changes); + +#ifdef CONFIG_RANDOM_MAC_ADDRESS + if ((changes & IFF_UP) && !(old_flags & IFF_UP)) { + /* randomize MAC whenever interface is brought up */ + struct sockaddr sa; + unsigned int mac4; + unsigned short mac2; + + mac4 = prandom_u32(); + mac2 = prandom_u32(); + memcpy(sa.sa_data, &mac4, sizeof(mac4)); + memcpy((char *)sa.sa_data + sizeof(mac4), &mac2, sizeof(mac2)); + if (!is_valid_ether_addr(sa.sa_data)) + sa.sa_data[5] = 1; + sa.sa_data[0] &= 0xFC; + sa.sa_family = dev->type; + dev_set_mac_address(dev, &sa); + } +#endif + return ret; } EXPORT_SYMBOL(dev_change_flags); diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c index b94b1d2..b020d15 100644 --- a/net/core/dev_ioctl.c +++ b/net/core/dev_ioctl.c @@ -463,7 +463,12 @@ sizeof(struct ifreq))) ret = -EFAULT; } +#ifdef CONFIG_RANDOM_MAC_ADDRESS + /* Don't reveal the permanent MAC address */ + return -EINVAL; +#else return ret; +#endif /* * These ioctl calls: diff --git a/security/Kconfig b/security/Kconfig index 93027fd..6b7b6fc 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -67,6 +67,14 @@ config SECURITY_NETWORK_XFRM IPSec. If you are unsure how to answer this question, answer N. +config RANDOM_MAC_ADDRESS + bool "Use random MAC adresses" + default n + help + Say Y here for randomize the MAC addresses of network interfaces. + This option is recommended for people who want to increase their privacy. + If you are unsure how to answer this question, answer N. + config SECURITY_PATH bool "Security hooks for pathname based access control" depends on SECURITY
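Review bot: in the dev_change_flags() hunk the new address is applied only after __dev_notify_flags() has already announced the IFF_UP transition, so listeners see the interface come up with its permanent address before dev_set_mac_address() replaces it; the randomization belongs before the flag change is committed and notified. Three further points in the same block: `sa.sa_data[0] &= 0xFC` clears the locally-administered bit, whereas a generated address should clear only the multicast bit and set the locally-administered bit, which is exactly what the existing eth_random_addr() helper does on top of get_random_bytes(), so it can replace the two prandom_u32() calls and the memcpy() juggling (prandom is a predictable PRNG, a poor fit for a privacy feature); the return value of dev_set_mac_address() is discarded, so a driver that rejects the change leaves the interface up with its permanent address and nothing reports the failure; and the block runs for every `dev->type`, so a 6-byte Ethernet address is written into `sa.sa_data` for non-Ethernet devices too, which calls for a `dev->type == ARPHRD_ETHER` check first. The `is_valid_ether_addr()` fixup is also evaluated before the `&= 0xFC` mask rather than on the final address.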
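Review bot: in the dev_ioctl.c hunk the `#ifdef`'d `return -EINVAL` is placed after the `copy_to_user(..., sizeof(struct ifreq))` call has already run, so whatever the handler put in the ifreq has reached userspace by the time the error is returned; if the intent is to withhold data, the early return has to come before the copy. The return also looks to be on a shared path (the following `/* These ioctl calls: ... */` comment introduces the next group of handlers, and this one handles a group too), so every query routed through here fails once the option is enabled, not only the hardware-address query. Finally, the comment's "permanent MAC address" does not match what this path would report: since the dev.c hunk replaces the address on every bring-up, a caller reading it here would get the randomized address, not the permanent one. Suggest narrowing the change to the hardware-address case, moving it ahead of the copy, and naming in the Kconfig help which userspace queries it breaks.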
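Review bot: the security/Kconfig hunk has a typo in the prompt ("adresses" for "addresses") and the help text reads "Say Y here for randomize", which should be "to randomize". The help should also state what the option actually does: it replaces the address of every interface each time it is brought up and makes the affected ioctl path in net/core/dev_ioctl.c return -EINVAL, so users know which tools will stop working. Because the code it enables lives in net/core, the option needs `depends on NET` (and arguably belongs in net/Kconfig rather than security/Kconfig); `default n` is already the default and can be dropped.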
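Added example (not code from the patch, the thread, or the kernel): a userspace model of how a freshly generated MAC address should be marked, contrasting the patch's `&= 0xFC` mask with the convention used by the kernel's eth_random_addr() helper (clear the multicast bit, set the locally-administered bit) and checking the result with the same three properties is_valid_ether_addr() cares about plus the local-assignment bit. Randomness comes from /dev/urandom here instead of get_random_bytes(); the helper names (`mark_random_addr`, `mark_patch_style`, `is_good_random_addr`, `gen_random_mac` and the `*_from` probes) are my own.

```c
/* Userspace model of MAC address generation and marking. Not kernel code:
 * it reproduces the bit conventions so they can be checked in isolation. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6

/* Fill addr with len random bytes from /dev/urandom (kernel: get_random_bytes).
 * Returns 0 on success, -1 if no random source is available. */
static int fill_random(uint8_t *addr, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t n = fread(addr, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
}

/* Same marking as eth_random_addr(): clear the multicast bit (bit 0 of byte 0)
 * and set the locally-administered bit (bit 1 of byte 0). */
static void mark_random_addr(uint8_t addr[ETH_ALEN])
{
    addr[0] &= 0xfe;
    addr[0] |= 0x02;
}

/* The patch's mask, for comparison: clears BOTH bits, so the address is
 * presented as if it carried a vendor-assigned OUI. */
static void mark_patch_style(uint8_t addr[ETH_ALEN])
{
    addr[0] &= 0xFC;
}

static int is_multicast(const uint8_t addr[ETH_ALEN]) { return addr[0] & 0x01; }
static int is_local_admin(const uint8_t addr[ETH_ALEN]) { return (addr[0] & 0x02) != 0; }
static int is_zero(const uint8_t addr[ETH_ALEN])
{
    static const uint8_t zero[ETH_ALEN] = { 0 };
    return memcmp(addr, zero, ETH_ALEN) == 0;
}

/* 1 if addr is unicast, non-zero (what is_valid_ether_addr() checks) and
 * additionally marked as locally administered. */
static int is_good_random_addr(const uint8_t addr[ETH_ALEN])
{
    return !is_multicast(addr) && is_local_admin(addr) && !is_zero(addr);
}

/* Generate a random, correctly marked address. Returns 0 on success. */
int gen_random_mac(uint8_t addr[ETH_ALEN])
{
    if (fill_random(addr, ETH_ALEN) != 0)
        return -1;
    mark_random_addr(addr);
    return 0;
}

/* Deterministic probes: build an address whose first byte is b (tail fixed,
 * non-zero), apply one marking scheme, and report the outcome. */
uint8_t random_first_byte_from(uint8_t b)
{
    uint8_t a[ETH_ALEN] = { b, 0x11, 0x22, 0x33, 0x44, 0x55 };
    mark_random_addr(a);
    return a[0];
}

uint8_t patch_first_byte_from(uint8_t b)
{
    uint8_t a[ETH_ALEN] = { b, 0x11, 0x22, 0x33, 0x44, 0x55 };
    mark_patch_style(a);
    return a[0];
}

int kernel_style_is_good(uint8_t b)
{
    uint8_t a[ETH_ALEN] = { b, 0x11, 0x22, 0x33, 0x44, 0x55 };
    mark_random_addr(a);
    return is_good_random_addr(a);
}

int patch_style_is_good(uint8_t b)
{
    uint8_t a[ETH_ALEN] = { b, 0x11, 0x22, 0x33, 0x44, 0x55 };
    mark_patch_style(a);
    return is_good_random_addr(a);  /* always 0: local-admin bit was cleared */
}

int main(void)
{
    uint8_t a[ETH_ALEN];
    if (gen_random_mac(a) != 0) {
        fprintf(stderr, "no random source available\n");
        return 1;
    }
    printf("%02x:%02x:%02x:%02x:%02x:%02x good=%d\n",
           a[0], a[1], a[2], a[3], a[4], a[5], is_good_random_addr(a));
    return 0;
}
```

Whatever random first byte comes out, `kernel_style_is_good()` holds, while `patch_style_is_good()` never does, because the 0xFC mask throws away the bit that tells other hosts the address was assigned locally rather than by a vendor.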