[tbb-bugs] #11096 [Applications/Tor Browser]: Randomize MAC address before start of Tor
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Oct 25 05:55:25 UTC 2017
#11096: Randomize MAC address before start of Tor
--------------------------------------+--------------------------
Reporter: csoghoian | Owner: tbb-team
Type: enhancement | Status: assigned
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
Replying to [comment:5 bugzilla]:
> Meaningful part of this ticket is
> > TBB exploits
> So, propose renaming it to something like "Investigate methods of
hardening of Firefox to prevent MAC stealing".
This is not too difficult. A MAC address is obtained by using either an
IOCTL (SIOCGIFHWADDR), or the NETLINK protocol (AF_NETLINK). Just blocking
those syscalls when that argument is used should be sufficient, assuming
other more obvious issues like arbitrary filesystem access or the ability
to bypass Tor to phone home is mitigated.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11096#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list