Your message dated Mon, 09 Feb 2015 19:06:11 +0000
with message-id <[email protected]>
and subject line Bug#774898: fixed in macchanger 1.7.0-5.3
has caused the Debian Bug report #774898,
regarding fails to detect silent driver failure to change MAC
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
774898: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774898
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: macchanger
Version: 1.7.0-5
Severity: normal
Tags: security
(Note that I have obscured my actal MAC with XX in this bug report.)
root@darkstar:~>macchanger wlan0 -m aa:bb:cc:dd:ee:ff
Current MAC: 40:f0:2f:XX:XX:XX (Liteon Technology Corporation)
Permanent MAC: 40:f0:2f:XX:XX:XX (Liteon Technology Corporation)
New MAC: aa:bb:cc:dd:ee:ff (unknown)
root@darkstar:~>ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 40:f0:2f:XX:XX:XX
It seems that the r8723au kernel driver for my wifi device silently
ignores attempts to change the MAC.
macchanger tries to detect if the new MAC is the same as the old.
However, it does this by calling mc_net_info_get_mac, on the same
net_info structure that it's called mc_net_info_set_mac on.
So, mc_net_info_set_mac sets the mac *in the data structure*, then calls
SIOCSIFHWADDR, which returns success without doing anything because the
kernel driver is buggy. And then mc_net_info_get_mac examines the data
structure, without calling SIOCGIFHWADDR to check if the MAC was
actually changed.
I suggest the attached patch to actively verify if the MAC was changed.
I'm tagging this security, because silently failing to change the MAC,
while claiming it was changed, may lead the user into trouble, if they
were changing their MAC for security reasons.
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages macchanger depends on:
ii debconf [debconf-2.0] 1.5.55
ii dpkg 1.17.23
ii install-info 5.2.0.dfsg.1-6
ii libc6 2.19-13
macchanger recommends no packages.
macchanger suggests no packages.
-- debconf information excluded
--
see shy jo
diff --git a/src/main.c b/src/main.c
index 182082e..d57ce4d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -264,10 +264,6 @@ main (int argc, char *argv[])
/* Set the new MAC */
ret = mc_net_info_set_mac (net, mac_faked);
if (ret == 0) {
- /* Re-read the MAC */
- mc_mac_free (mac_faked);
- mac_faked = mc_net_info_get_mac(net);
-
/* Print it */
print_mac ("New MAC: ", mac_faked);
@@ -276,6 +272,18 @@ main (int argc, char *argv[])
printf ("It's the same MAC!!\n");
exit (EXIT_ERROR);
}
+
+ /* Re-read the MAC in case a driver silently ignores
+ * attempt to set it */
+ mc_net_info_free (net);
+ if ((net = mc_net_info_new(device_name)) == NULL) {
+ exit (EXIT_ERROR);
+ }
+ mac = mc_net_info_get_mac(net);
+ if (! mc_mac_equal (mac, mac_faked)) {
+ printf ("Network driver didn't actually change to the
new MAC!!\n");
+ exit (EXIT_ERROR);
+ }
}
/* Memory free */
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: macchanger
Source-Version: 1.7.0-5.3
We believe that the bug you reported is fixed in the latest version of
macchanger, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated macchanger package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 07 Feb 2015 17:40:59 +0100
Source: macchanger
Binary: macchanger
Architecture: source
Version: 1.7.0-5.3
Distribution: unstable
Urgency: medium
Maintainer: David Paleino <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Description:
macchanger - utility for manipulating the MAC address of network interfaces
Closes: 774898
Changes:
macchanger (1.7.0-5.3) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix "fails to detect silent driver failure to change MAC":
Add patch verify-changed-MAC.patch from Joey Hess:
actively check the new MAC after trying to change it.
(Closes: #774898)
Checksums-Sha1:
0b0b83dd19028e8015666cad37a64918b2df33cb 2059 macchanger_1.7.0-5.3.dsc
a6efeb03567ca2342d899cba4db698062abd14a1 23644
macchanger_1.7.0-5.3.debian.tar.xz
Checksums-Sha256:
ac9675b0ed4f424212d73bc87196100b39f845ec413a43650171c60175770021 2059
macchanger_1.7.0-5.3.dsc
fb89c8355056a7ec9d949a7aa201648a93682e92820a54ca6e3fbdf819ec9aac 23644
macchanger_1.7.0-5.3.debian.tar.xz
Files:
49f427844e0b73d80ce7a1da19621aae 2059 net extra macchanger_1.7.0-5.3.dsc
2279d49326d53d7f04260f5d5643df9d 23644 net extra
macchanger_1.7.0-5.3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJU1kCyXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREMUUxMzE2RTkzQTc2MEE4MTA0RDg1RkFC
QjNBNjgwMTg2NDlBQTA2AAoJELs6aAGGSaoGkAMQAIn2/c58uIOPtKNchCtkFc28
BK/B1BeTzjUOEivBj+z7mjoeaS4/0RSxrvUz3P/xy7h6KEYwtHD1YD3VI0b9kES+
uY2G29Wbqbt/5Wpp34iNfzq8qZz8YZOXgxEQW7EBDH8eCGWUhDIQR170wDPUp7JN
fa6pKFnd3hFMK1vISm0frsOZFqAIVtd2yettprRxFVbECWZsbq8ibeAYESw41YDC
hYA42t7YQJo2/YLnzWjC50lxZ9JfKLZnT8mBu0tWNL+JU+eT0TVEvhS7J7i3dOHy
KnxEfioZjMnlvESJ/YxiVwBI3IfFAZBFbKzSTYJFw++ogZd933p3kUoLEitUoHty
3D0Y0F5dewOLMLk6qYQNoEG0mn+UXzzowCDB8/FhGrz7rRqLL5fmC5Ri7n0HsMB4
0tE605MIzOOyUvBnL5VNGsPBckw3hDUKNrbSJChdYUfhrDGYpRTh+eW/MqsFIahC
xeb8FfxH/F7tinqFPxU0A4MyKO7ycd3AdYuJj3gfnX4fMgaP0c4HSGV+Em8DkYe+
1OYSJvrPqa/rIuq3SFVyq7SNnkRzkSC9Cu6Rmbn7tymgoPN0ryTnaq8Q9XlsOvCt
FcWk2KCYOHGrFBs7Q2rz4Ihu+IU5e590T0TBJFuNzlL2h1mXcdlG8MVZkZAWY0NZ
WnJJyCHXLMGt5vCGlATr
=PteB
-----END PGP SIGNATURE-----
--- End Message ---
