On Thu, 08 Aug 2019 at 15:20:28 -0400, Marvin Renich wrote:
> The man page for machine-id says:
> 
>   This ID uniquely identifies the host. It should be considered
>   "confidential", and must not be exposed in untrusted environments, in
>   particular on the network.
> 
> Why is the file mode 0666?

I very much hope it's 0644 (rw-r--r--) or 0444 (r--r--r--). Mine is 0444.

> Does it need to be non-root readable?

Yes. Some of the applications that want an opaque unique identifier for
the machine, like dbus-launch(1) (which uses it to disambiguate between
machines sharing an X11 display), are unprivileged. If /etc/machine-id
wasn't readable by unprivileged users, then applications and services that
want a machine identifier would just have to invent another equally-unique
identifier (or use the hostname), which would have essentially the same
privacy implications as /etc/machine-id.

gethostname(2) and /etc/hostname are also world-readable. The machine-id
is just like the hostname, except that because it isn't human-meaningful,
people hopefully don't change it to something they like better and expect
not to lose their per-machine configuration and state as a result.

> If
> so, how can it be prevented from being exposed on the network if there
> is any user access from the network?  Is this really a security concern?

If applications routinely broadcast the machine ID on local LANs or
to an Internet server, then the operator of those LANs or servers
can tell whether connections are coming from the same or different
machines. Some people would consider this to be a privacy violation
("fingerprinting"). I suspect that the intention of that text is to
encourage authors of networked software that uses the machine ID to
think about this.

Analogous: don't tell those same LANs or servers your gethostname(2),
or your MAC address (without randomization), or your IPv6 address
(without "privacy extensions"), if you don't want them to be able to
tell which machine you are using.

    smcv
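As an added illustration of the two points in the reply above (the file must stay world-readable but not writable, and networked software should think before sending the raw ID anywhere), here is a small Python check that is not part of this thread or of systemd. It validates that a machine-id value is 32 lowercase hex digits, reports any deviation from the expected 0444/0644 mode, and derives a stable per-application identifier by keying HMAC-SHA256 with the machine ID, in the spirit of systemd's sd_id128_get_machine_app_specific(3) (this code does not reproduce that function's exact output). The sample ID and the function names are constructed for the example.

```python
import hashlib
import hmac
import os
import re
import stat

# A well-formed /etc/machine-id: exactly 32 lowercase hex digits plus newline.
MACHINE_ID_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample value for offline use; it is not a real machine's ID.
SAMPLE_MACHINE_ID_TEXT = "0123456789abcdef0123456789abcdef\n"


def parse_machine_id(text):
    """Return the 128-bit ID as 16 bytes, or raise ValueError if malformed."""
    value = text.strip()
    if not MACHINE_ID_RE.match(value):
        raise ValueError("not a well-formed machine-id: %r" % value)
    return bytes.fromhex(value)


def check_mode(mode):
    """Return findings for a permission mode; an empty list means 0444 or 0644.

    The file is expected to be readable by everyone (unprivileged clients such as
    dbus-launch read it) but writable by nobody except possibly root.
    """
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if not mode & stat.S_IROTH:
        findings.append("not world-readable")
    return findings


def audit_machine_id_file(path="/etc/machine-id"):
    """Audit a real file: returns mode findings and raises if the content is malformed."""
    st = os.stat(path)
    with open(path) as f:
        parse_machine_id(f.read())
    return check_mode(stat.S_IMODE(st.st_mode))


def app_specific_id(machine_id, app_name):
    """Derive a 128-bit identifier bound to this machine *and* this application.

    Keying HMAC with the machine ID means a server that collects the derived value
    for one application cannot correlate it with the raw ID or with another
    application's derived value, while the value is still stable per machine.
    """
    digest = hmac.new(machine_id, app_name.encode("utf-8"), hashlib.sha256).digest()
    return digest[:16].hex()


if __name__ == "__main__":
    mid = parse_machine_id(SAMPLE_MACHINE_ID_TEXT)
    print("sample id:", mid.hex())
    print("findings for 0666:", check_mode(0o666))
    print("app-specific id for 'example-app':", app_specific_id(mid, "example-app"))
    try:
        print("findings for /etc/machine-id:", audit_machine_id_file())
    except OSError as e:
        print("could not audit /etc/machine-id:", e)
```

Run it on a real system and the last line reports whether the installed file deviates from 0444/0644; an application that needs to identify the machine to a remote party would send the value from app_specific_id rather than the contents of the file.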