[tbb-bugs] #11096 [Applications/Tor Browser]: Randomize MAC address before start of Tor

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 25 05:55:25 UTC 2017


#11096: Randomize MAC address before start of Tor
--------------------------------------+--------------------------
 Reporter:  csoghoian                 |          Owner:  tbb-team
     Type:  enhancement               |         Status:  assigned
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks):

 Replying to [comment:5 bugzilla]:
 > Meaningful part of this ticket is
 > > TBB exploits
 > So, propose renaming it to something like "Investigate methods of
 hardening of Firefox to prevent MAC stealing".
 This is not too difficult. A MAC address is obtained by using either an
 IOCTL (SIOCGIFHWADDR), or the NETLINK protocol (AF_NETLINK). Just blocking
 those syscalls when that argument is used should be sufficient, assuming
 other more obvious issues like arbitrary filesystem access or the ability
 to bypass Tor to phone home is mitigated.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11096#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list