lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 15 Jul 2016 19:42:28 +0200
From:	Bjørn Mork <bjorn@...k.no>
To:	David Laight <David.Laight@...LAB.COM>
Cc:	Kristian Evensen <kristian.evensen@...il.com>,
	"linux-usb\@vger.kernel.org" <linux-usb@...r.kernel.org>,
	"netdev\@vger.kernel.org" <netdev@...r.kernel.org>,
	"linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] rndis_host: Set random MAC for ZTE MF910

David Laight <David.Laight@...LAB.COM> writes:
> From: Bjørn Mork
>> Sent: 13 July 2016 23:23
> ...
>> Or how about the more generic?:
>> 
>>         if (bp[0] & 0x02)
>>    		eth_hw_addr_random(net);
>> 	else
>> 		ether_addr_copy(net->dev_addr, bp);
>> 
>> That would catch similar screwups from other vendors too.
>
> Not really, that disables 'locally administered' addresses.

... when the 'locally administered' addresses comes from firmeare, yes.
That was the idea.  We are better off using our own random locally
administered address if some vendor has been cheap/stupid enough to
program that into firmware.

The aminstrator is of course still free to set any address, 'locally
administered' or whatever.  This is not the question here.

> If a vendor has used the same address on lots of cards it could easily
> be a 'real' address.

Sure.  We cannot easily detect that.  The only way is to keep a
blacklist of such  'real' addresses, the way Kristian initially
proposed.

But I thought that we could simplify this particular screwup since the
address in question had the local bit set, and catch every other similar
abuse at the same time. If you get the local bit from formware, then you
know for sure that there is something wrong.

> Not only that, there certainly used to be manufacturers that used 'locally
> administered' addresses on all their cards (as well as those that used unallocated
> address blocks).

Sure. But is there any reason to care about those addresses?

> Not to mention the bit-revered addresses....

Listing all the ways vendors have screwed is going to be a long and
rather boring thread ;)


Bjørn

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ