Project

General

Profile

Privacy issue #1092

NetworkManager 1.4 leaks hostname

ralessi - almost 3 years ago - . Updated 5 months ago.

Status:
info needed
Priority:
privacy issue
Assignee:
% Done:

0%


Description

NetworkManager now uses systemd-hostnamed to get the hostname and is configured to automatically send it to any dhcp server. There is no easy way to prevent the hostname from being sent which is a privacy issue.

So far, the only way I have found is first to change the hostname, then establish the connection, then edit the connection settings and add "dhcp-send-hostname=false" to the [ipv4] block. Once this is done, one can revert to the original hostname.

History

#1

Updated by Anonymous almost 3 years ago

  • Assignee set to Anonymous
#2

Updated by g4jc over 2 years ago

This would need testing, but can probably be done.

1) Modify /etc/NetworkManager/NetworkManager.conf in networkmanager-nonprism PKGBUILD

2) Create a post-install hook that modifies users existing connections (note this will break networkmanager should they revert from nonprism)

nmcli -t -f uuid connection | while read uuid; do
nmcli connection modify $uuid \
ipv4.dhcp-send-hostname false \
ipv6.dhcp-send-hostname false
done

Code tips courtesy http://viliampucik.blogspot.com/2016/09/networkmanager-disable-sending-hostname.html


The potentially larger issue however is other programs which use the hostname, and logs that use the hostname.

Is disabling the hostname for one program actually helping privacy, or should we consider adding a hostname randomizer to nonprism? That way each time the computer starts the user is given a random hostname rather than the default.

#3

Updated by g4jc over 2 years ago

Unfortunately, it is no longer possible to control the hostname from NetworkManager.

https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html


hostname
This key is deprecated and has no effect since the hostname is now stored in /etc/hostname or other system configuration files according to build options.

This would have to be done at the dhcp client level, unfortunately there are various dhcp clients.
Additionally dispatcher.d scripts cannot be used since the pre-up scripts do not run reliably (known bug)

So that most likely leaves randomization at the systemd level.

#4

Updated by Anonymous over 2 years ago

  • Assignee changed from Anonymous to g4jc
#5

Updated by ralessi over 2 years ago

Would it not be possible to have this line:

dhcp-send-hostname=false

automatically inserted into every new system-connection just below the [ipv4] section before the connection itself be activated?

With this feature working in conjunction with the mac-address randomization features that are currently working well, we should have a 'respect-your-privacy' compliant nm (at least in my opinion).

#6

Updated by g4jc over 2 years ago

ralessi wrote:

Would it not be possible to have this line:
[...]
automatically inserted into every new system-connection just below the [ipv4] section before the connection itself be activated?

With this feature working in conjunction with the mac-address randomization features that are currently working well, we should have a 'respect-your-privacy' compliant nm (at least in my opinion).

I would be happy to implement this, but unfortunately the feature hasn't been working since at least 20141, and does not take into account ipv6.
So far I have only been able to get it to work with a systemd unit which replaces dhcp=internal in /etc/NetworkManager.conf with dhclient and wipes hostname on start... but even this method still leaks regularly due to race conditions on startup.

If anyone can come up with a working solution for this that does not leak hostname please let me know!

[1] http://gnome-networkmanager.2324886.n4.nabble.com/dhclient-avoiding-hostname-disclosure-via-DHCP-request-td23165.html

#7

Updated by ralessi over 2 years ago

g4jc wrote:

I would be happy to implement this, but unfortunately the feature hasn't been working since at least 20141, and does not take into account ipv6.
So far I have only been able to get it to work with a systemd unit which replaces dhcp=internal in /etc/NetworkManager.conf with dhclient and wipes hostname on start... but even this method still leaks regularly due to race conditions on startup.

I get it. This is sinister.
Meanwhile, wouldn't it be nice to have a hostname randomizer in nonprism? And do you know how Tails deals with this issue?

#8

Updated by g4jc over 2 years ago

ralessi wrote:

I get it. This is sinister.
Meanwhile, wouldn't it be nice to have a hostname randomizer in nonprism? And do you know how Tails deals with this issue?

There is preliminary work in nonprism to do this (blank and optionally randomize), but it needs to work regardless of dhcpclient. That involves race conditions. You can see the attempt I made here:
https://git.parabola.nu/abslibre.git/tree/nonprism/hostname-blanker

It doesn't work as it should. I'm not sure how Tails is dealing with it, in the past they used the now deprecated [keyfile] [hostname] of NetworkManager. If you are able to help find relevant code it could be helpful for us.

#9

Updated by ralessi over 2 years ago

g4jc wrote:

You can see the attempt I made here:
https://git.parabola.nu/abslibre.git/tree/nonprism/hostname-blanker

Thanks. I'll look into this.

It doesn't work as it should. I'm not sure how Tails is dealing with it, in the past they used the now deprecated [keyfile] [hostname] of NetworkManager. If you are able to help find relevant code it could be helpful for us.

I came across this page: https://tails.boum.org/contribute/design/#index50h3 which indicates that either the documentation or the version of nm currently used is outdated. I'll install the latest Tails and will report here what I can find.

#10

Updated by ralessi over 2 years ago

g4jc wrote:

I'm not sure how Tails is dealing with it, in the past they used the now deprecated [keyfile] [hostname] of NetworkManager. If you are able to help find relevant code it could be helpful for us.

I had a look at the latest Tails: they still use NetworkManager v0.9.10.0-7 and so the keyfile plugin. Considering this particular issue that seems a wise decision even though it does not comply with the 'rolling-release' concept of Parabola.

#11

Updated by ralessi over 2 years ago

g4jc wrote:

https://git.parabola.nu/abslibre.git/tree/nonprism/hostname-blanker

If I understand well, this script replaces the hostname that has been set permanently, but without having to reboot the system. The drawback is that the user must give up the hostname he chose to save his privacy. I am right?
For the time being, I made this very primitive script:

#!/bin/bash
# blank-hostname

if [ "$(id -u)" != "0" ]; then
    echo "Sorry, you are not root." 
    exit 1
fi

set -e

case "$1" in
    on)
    mv /etc/hostname /etc/hostname-out
    systemctl reboot
    ;;
    off)
    mv /etc/hostname-out /etc/hostname
    systemctl reboot
    ;;
    status)
    ls /etc/hostname*
    exit
    ;;
    *)
    echo "usage blank-hostname on | off | status" 
    ;;
esac

When I need to establish a new connection, I first do sudo blank-hostname on. Then, before doing sudo blank-hostname off, I take care of editing the connection settings with nmcli to have dhcp-send-hostname=false inserted below both of the [ipv4] and [ipv6] blocks.

#12

Updated by ralessi over 2 years ago

This just came to me: Since networkmanager now manages the hostname via systemd-hostnamed, do you think that replacing systemd by openrc would solve this issue?

#13

Updated by g4jc over 2 years ago

ralessi wrote:

This just came to me: Since networkmanager now manages the hostname via systemd-hostnamed, do you think that replacing systemd by openrc would solve this issue?

I'm not sure, since I do not use OpenRC, but it may be worth testing.

Meanwhile upstream is aware of the issue and it's affect on Tails: https://bugzilla.gnome.org/show_bug.cgi?id=768076

#14

Updated by ralessi over 2 years ago

g4jc wrote:

ralessi wrote:

This just came to me: Since networkmanager now manages the hostname via systemd-hostnamed, do you think that replacing systemd by openrc would solve this issue?

I'm not sure, since I do not use OpenRC, but it may be worth testing.

I do not either, and didn't dare to try OpenRC on an HD that is entirely encrypted...

Meanwhile upstream is aware of the issue and it's affect on Tails: https://bugzilla.gnome.org/show_bug.cgi?id=768076

That's great, but would it be enough to disable the transient hostname by setting hostname=none? If I understand well systemd's hostnamectl (https://www.freedesktop.org/software/systemd/man/hostnamectl.html), if a valid static hostname has been set, the transient hostame is not used by hostnamectl.

#15

Updated by bill-auger 5 months ago

  • Assignee changed from g4jc to Megver83
  • Status changed from open to info needed

while clearing house on the bug tracker, i noticed this BR which is a few years old now - is this still a concern?

i will assign it to megver to ask if indeed he thinks "replacing systemd by openrc would solve this issue", at least for nonprism

#16

Updated by ralessi 5 months ago

I gave up systemd more than two years ago in favor of openrc, and I can say that this solved this issue.

Also available in: Atom PDF