Bug #7688

DHCP client leaks hostname "amnesia"

Added by sajolida over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
-
Target version:
Start date:
08/10/2014
Due date:
% Done:

100%

QA Check:
Pass
Feature Branch:
bugfix/7688-no-dhcp-send-hostname
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:

Description

1. Boot Tails 1.1.
2. Install Wireshark.
3. Monitor the network until a periodic
DHCP refresh is done.
4. Click on the "DHCP Request" packet
going out to the local router/gateway/dhcp-server.

In the data in the packet one can see:

Bootstrap Protocol
Message type: Boot Request (1)
[...]
Option: (12) Host Name
Length: 7
Host Name: amnesia
[...]

In earlier Tails versions the hostname was not leaked, so this is a regression.


Subtasks

Bug #7769: Resets hostname to the one provided by the DHCP server Resolved intrigeri


Related issues

Related to Tails - Feature #5655: Share username and hostname amongst all anonymity distributions Confirmed 03/17/2016
Related to Tails - Feature #7712: Automatically test hostname leaks Resolved 08/01/2014

Associated revisions

Revision 97790a2a (diff)
Added by Tails developers over 4 years ago

Prevent dhclient from sending the hostname over the network (Closes: #7688).

First, we have to use the "keyfile" NetworkManager plugin only; that is, we
disable the "ifupdown" one:

  • it's needed, because only the "keyfile" plugin supports setting
    dhcp-send-hostname to false, while the "ifupdown" plugin retrieves the
    hostname to send from /etc/hostname;
  • it's OK, because we actually don't use the functionality provided by the
    "ifupdown" plugin (that is, reading from /etc/network/interfaces -- that
    only configures the loopback connection in Tails, which is itself ignored by
    NetworkManager anyway).

Second, we configure the NetworkManager "keyfile" plugin to not send the
hostname over DHCP by default. Likely this can be overridden on
a per-connection basis.

Third, we tell dhclient itself not to send the hostname. This is needed because
NetworkManager runs dhclient with the `-cf /var/run/nm-dhclient-eth0.conf`
option, and generates that file by concatenating `/etc/dhcp/dhclient.conf`
with its own settings.

History

#1 Updated by intrigeri over 4 years ago

  • Target version set to Tails_1.1.1
  • Type of work changed from Code to Research

Tentatively flagged for 1.1.1, so that we have this security regression on our radar. And there's no lead for a fix yet, so marking as needing research.

#2 Updated by BitingBird over 4 years ago

  • Related to Feature #5655: Share username and hostname amongst all anonymity distributions added

#3 Updated by intrigeri over 4 years ago

(All that follows is valid on Wheezy. Not checked anything newer yet.)

NetworkManager runs dhclient with the `-cf /var/run/nm-dhclient-eth0.conf` option. That file contains `send host-name "amnesia"; # added by NetworkManager`, and is created by the `nm_dhcp_dhclient_create_config` function in `src/dhcp-manager/nm-dhcp-dhclient-utils.c`. Each connection has a `dhcp-send-hostname` setting (docs/api/html/ref-settings.html) that defaults to TRUE.

On the short term, simply commenting out the line that adds the line we don't want should be enough.

As suggested on https://mail.gnome.org/archives/networkmanager-list/2014-January/msg00011.html, if using the "keyfile" plugin only (that is, after disabling the "ifupdown" one), adding this to /etc/NetworkManager/NetworkManager.conf seems to resolve the problem:

[ipv4]
dhcp-send-hostname=false

But:

  1. I'm not sure what would be the consequences of disabling the "ifupdown" plugin. My understanding of https://wiki.gnome.org/Projects/NetworkManager/SystemSettings leads me to think it's a complete no-op in our case, but this should be tested more thoroughly.
  2. One also has to patch the system-wide dhclient.conf, since it contains `send host-name = gethostname();`, and its content is merged into the NM-generated dhclient config file.
  3. I've not sniffed the network to confirm that doing all of the above is enough.

#4 Updated by intrigeri over 4 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

#5 Updated by intrigeri over 4 years ago

  • Feature Branch set to bugfix/7688-no-dhcp-send-hostname
  • Type of work changed from Research to Code

Implemented the solution described above. The generated dhclient.conf looks good. Left to do:

  1. sniff the network to confirm that the hostname is not sent over DHCP (#7712);
  2. verify that it works for a manually added (e.g. Wi-Fi) network connection too (#7712);
  3. verify that the resulting ISO generally works fine: passes the automated test suite;
  4. verify that this solution also works on Jessie: works fine on current sid, verified with Wireshark;
  5. write design documentation.
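The check in step 1 above, and the Wireshark observation in the description, can be reproduced offline by parsing the options field of a captured DHCP Request and looking for option 12 (Host Name). The following is an added example, not code from the Tails project; the packets it inspects are constructed inline (a leaking request carrying "amnesia" and a fixed one without option 12), and the `build_dhcp_request` helper is a hypothetical stand-in for a real capture.

```python
# Added example (not Tails project code): minimal DHCP options parser used to
# verify whether a client request carries option 12 (Host Name).
import struct

DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie after BOOTP header
OPTION_PAD = 0
OPTION_HOST_NAME = 12
OPTION_END = 255


def parse_dhcp_options(packet: bytes) -> dict:
    """Return {option_code: value_bytes} for a raw BOOTP/DHCP payload."""
    # Fixed BOOTP header is 236 bytes; the magic cookie must follow it.
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (missing magic cookie)")
    options = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPTION_END:
            break
        if code == OPTION_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options


def leaked_hostname(packet: bytes):
    """Return the hostname sent in option 12, or None if the option is absent."""
    value = parse_dhcp_options(packet).get(OPTION_HOST_NAME)
    return value.decode("ascii", "replace") if value is not None else None


def build_dhcp_request(options: bytes, xid: int = 0x12345678) -> bytes:
    """Constructed sample: BOOTP header (op=1 Boot Request) + cookie + options."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, xid, 0, 0,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                         b"\0" * 16, b"\0" * 64, b"\0" * 128)
    return header + DHCP_MAGIC_COOKIE + options + bytes([OPTION_END])


# Constructed packets: option 53 = DHCPREQUEST (3); option 12 only in the leaking one.
LEAKING_REQUEST = build_dhcp_request(b"\x35\x01\x03" + b"\x0c\x07amnesia")
FIXED_REQUEST = build_dhcp_request(b"\x35\x01\x03")
```

Feeding the UDP payload of a real capture into `leaked_hostname` should return None once the branch is applied.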

#6 Updated by intrigeri over 4 years ago

  • Related to Feature #7712: Automatically test hostname leaks added

#7 Updated by intrigeri over 4 years ago

  • Assignee set to intrigeri

#8 Updated by intrigeri over 4 years ago

  • Assignee deleted (intrigeri)
  • % Done changed from 10 to 50
  • QA Check set to Ready for QA

#9 Updated by intrigeri over 4 years ago

  • Related to Bug #7769: Resets hostname to the one provided by the DHCP server added

#10 Updated by intrigeri over 4 years ago

  • Assignee set to intrigeri
  • QA Check deleted (Ready for QA)

This branch might be causing #7769. Hold on.

#11 Updated by intrigeri over 4 years ago

  • Related to deleted (Bug #7769: Resets hostname to the one provided by the DHCP server)

#12 Updated by intrigeri over 4 years ago

  • Assignee deleted (intrigeri)
  • QA Check set to Ready for QA

The #7769 regression was fixed on that branch. Ready for QA again!

#13 Updated by alant over 4 years ago

  • Assignee set to alant

#14 Updated by alant over 4 years ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (alant)
  • QA Check changed from Ready for QA to Pass

Merged, thanks!

#15 Updated by anonym over 4 years ago

  • Status changed from Fix committed to Resolved
