security implications of /var/lib/dbus/machine-id. Thoughts?
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
In theory, the machine-id should be a persistent identifier of the current host. In practice, this causes some privacy concerns. As a consequence, in Devuan the dbus machine-id is recreated at each boot.
This makes machine-id unique to each running instance of the OS on the machine.
I can't vouch for any security implications, as I don't know how one could "spoof" a D-Bus machine-id remotely. But looking through the Slackware init scripts, it would be pretty easy to mimic Devuan's new behavior, simply by deleting /var/lib/dbus/machine-id, after stopping D-Bus, in rc.6 and rc.0:
Code:
# Stop D-Bus:
if [ -x /etc/rc.d/rc.messagebus ]; then
/etc/rc.d/rc.messagebus stop
rm -f /var/lib/dbus/machine-id
fi
On the next boot, rc.messagebus will automatically re-create it, with a new ID.
Excuse my ignorance, but how can be spoofed remotely a local service like DBUS? And even if you manage this, you get what? considering that that DBUS has its own authentication methods for its clients?
Maybe they expose somehow the DBUS to network and this trick could have some value for Devuan, but I doubt its usefulness for Slackware or any other sane distribution...
Last edited by ZhaoLin1457; 11-30-2019 at 02:29 PM.
There are related conversations online. Opinions vary whether the file contents are a meaningful security or privacy risk.
Poking around the web indicates the file was introduced in 2006. That means the file has been in use for 13 years.
dbus expects this file and expects legitimate contents rather than zero or sym linking to /dev/null. The file is used in Slackware as can be seen in $HOME/.dbus/session-bus. The dbus-uuidgen man page explicitly warns against modifying the file contents.
If the file is deleted the contents will be regenerated in rc.messagebus: /usr/bin/dbus-uuidgen --ensure.
There are other ways software could fingerprint any system. For security or privacy concerns, probably the best that can be established is regenerating at each boot. In Slackware that means using rc.local_shutdown to modify the contents and letting rc.messagebus to repopulate.
I have noticed that when starting Chrome (rebuilt from an offcial binary) I got an error message about an invalid value in /etc/machine-id. I could get rid of this messag with this command:
Code:
dbus-uuidgen --ensure=/etc/machine-id
Which means that the browser can easily track my activity as this is an UUID.
So, either do not set it at all or change it often (at boot time or in a cron job) if want to make harder to spy you.
Running without dbus is a hobby for some Devuan users, which I think is great.
I stopped using PDF viewers that demand machine-id exist.
Not sure whether this is actually a risk or not. I just think it's stupid. Any design that requires me to have a unique ID like that, I really don't want if I can help it. Never needed it years ago, can't figure out why I should entertain it now. It's not like there are any highly technical people interested in helping me make a very informed decision about this, so I'll just err on the side of "This isn't the sort of feature I like." It's my computer, so I get to decide.
Last edited by freemedia2018; 11-30-2019 at 08:41 PM.
I have noticed that when starting Chrome (rebuilt from an offcial binary) I got an error message about an invalid value in /etc/machine-id. I could get rid of this messag with this command:
Code:
dbus-uuidgen --ensure=/etc/machine-id
Which means that the browser can easily track my activity as this is an UUID.
So, either do not set it at all or change it often (at boot time or in a cron job) if want to make harder to spy you.
For example, a rougue program can also well to hash the content of "/etc/os-release" and its creation timestamp to create a quite unique fingerprint.
Anyways, there are tons of other ways for a rougue program to fingerprint you. And what stops this rogue program to generate and store locally its own UUID?
Last edited by ZhaoLin1457; 11-30-2019 at 10:02 PM.
Should machine-id regeneration be the default Slackware behavior?
No in my opinion. This setting belongs to the end user or admin, depending on the context and use case.
Quote:
Is there any reason for regular* Slackware users to keep a persistent machine-id?
There can be, depending of the context, and of the kind of "regular" user. For instance, an admin of many servers may want to use that to monitor them using this feature. On the other hand, users of a personal computer they own may not want that.
Last edited by Didier Spaier; 12-01-2019 at 03:08 AM.
Should machine-id regeneration be the default Slackware behavior?
I think this comes down to Slackware's philosophy. And that philosophy is to deliver packages as upstream intends, barring major issues.
Having machine-id being static seems to be upstream's default, so unless you can point to a specific CVE, I doubt this will be changed by Pat and team.
If a user wants to change this, then they are given the ability due to Slackware's willingness to let users be their own admin!
Do you have a reason why /var/lib/dbus/machine-id should not get a new value at every system boot?
To my understanding, the contents of machine-id does not need to be permanent. The file just needs to exist and contain legitimate contents. Regenerating should not impact dependent apps. Deleting the file in /etc/rc.d/rc.local_shutdown should suffice as rc.message will regenerate.
Quote:
So, for Slackware users that use Chrome, re-generating the machine-id during boot is probably a good idea for online privacy.
Not to shrug but any app or service from Don't Be Evil Google is long known not to respect privacy.
Quote:
I stopped using PDF viewers that demand machine-id exist.
Share the list please?
I have read the file may be used by some DHCP clients.
Perhaps a simple community experiment. While rc.message ensures the file contents, something in rc.local could delete the file. Then see what breaks during the day.
The code has existed since 2006. While I expect anything from Don't Be Evil Google to use mechanisms like this to violate privacy, I have not read of anything else that does.
Quote:
Having machine-id being static seems to be upstream's default, so unless you can point to a specific CVE, I doubt this will be changed by Pat and team.
Agree. I don't expect Pat to spend energy working around this.
With some idle moments I fiddled with /var/lib/dbus/machine-id and not regenerating the file. Deleting the file, setting to zero size, or 32 zeroes results in X not launching with startx.
The dbus-uuidgen man page states:
"The important properties of the machine UUID are that 1) it remains unchanged until the next reboot and 2) it is different for any two running instances of the OS kernel."
The first condition implies that regenerating at each boot is safe.
As dbus is for IPC and not interhost communication, a sweet summer child view is the file should not be used by other software for non IPC purposes.
Yet since the location of the file is well known, nothing stops other software from using the file as a fingerprint. Regenerating at each boot probably throws some sand into data mining and tracking gears, but even Slackware uses and needs the file.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
