MAC spoofing leak during suspend? #17115
Hello Tails dev,
I was curious if there is anything to handle drivers reverting the MAC after a suspend?
As mentioned by the user grandbronze111:
> https://gitlab.tails.boum.org/tails/tails/-/issues/11293#note_253628
>
> Am I missing something, or are you unaware that some drivers reset to the true/permanent MAC during suspend?
Then reading issue #17115:
> https://gitlab.tails.boum.org/tails/tails/-/issues/17115
What about added udev rules: 00-mac-spoof.rules?
Would this be valid?
> # Trigger MAC spoofing script on suspend and resume
> SUBSYSTEM=="net", ACTION=="suspend", RUN+="/usr/bin/systemd-cat -t spoof-mac -p debug /usr/local/lib/tails-spoof-mac $name"
> SUBSYSTEM=="net", ACTION=="resume", RUN+="/usr/bin/systemd-cat -t spoof-mac -p debug /usr/local/lib/tails-spoof-mac $name"
These actions are not universally supported across all systems or versions of udev.
> https://unix.stackexchange.com/questions/769369/udevadm-doesnt-auto-trigger-after-suspended
For instance, you could maybe use `ACTION=="change"` and check for specific conditions like `ENV{POWER_SUPPLY_ONLINE}`, although this might not always correlate directly with suspend and resume states.
> SUBSYSTEM=="net", ACTION=="change", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="/usr/bin/systemd-cat -t spoof-mac -p debug /usr/local/lib/tails-spoof-mac $name"
> SUBSYSTEM=="net", ACTION=="change", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="/usr/bin/systemd-cat -t spoof-mac -p debug /usr/local/lib/tails-spoof-mac $name"
Then maybe add logic or a function to handle suspend and resume specifically to `tails-spoof-mac`?
However, it appears MAC spoofing during suspend and resume is complex and can lead to race conditions with NetworkManager.
Maybe implement a retry mechanism in the tails-spoof-mac script to handle potential failures due to race conditions with NetworkManager?
What are your thoughts and experience on this matter?
Thanks,
artemis
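
One way to check for the reset discussed in the post above, added here as an example (it is not part of the original post and is not Tails code): a systemd system-sleep hook that records each interface's MAC before suspend and reports interfaces whose MAC differs after resume. The state directory, the log tag and the `SYSFS_NET`/`STATE_DIR` overrides are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Tails code. systemd runs executables placed in
# /usr/lib/systemd/system-sleep/ with $1 = pre (before sleep) or post (after resume).
# SYSFS_NET and STATE_DIR can be overridden so the logic can be tested offline.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
STATE_DIR="${STATE_DIR:-/run/mac-suspend-check}"   # hypothetical state path

# Before suspend: save the current (spoofed) MAC of every interface except lo.
record_macs() {
    mkdir -p "$STATE_DIR" || return 1
    for dev in "$SYSFS_NET"/*; do
        [ -r "$dev/address" ] || continue
        name=${dev##*/}
        [ "$name" = "lo" ] && continue
        # Lower-case so the later comparison is case-insensitive.
        tr 'A-F' 'a-f' < "$dev/address" > "$STATE_DIR/$name"
    done
    return 0
}

# After resume: print the name of each interface whose MAC no longer
# matches the value saved before suspend.
changed_macs() {
    for saved in "$STATE_DIR"/*; do
        [ -f "$saved" ] || continue
        name=${saved##*/}
        # Interface removed while asleep: nothing to compare.
        [ -r "$SYSFS_NET/$name/address" ] || continue
        now=$(tr 'A-F' 'a-f' < "$SYSFS_NET/$name/address")
        if [ "$now" != "$(cat "$saved")" ]; then
            echo "$name"
        fi
    done
    return 0
}

case "${1:-}" in
    pre)  record_macs ;;
    post) for n in $(changed_macs); do
              # A re-spoof or interface shutdown would be triggered here.
              logger -t mac-suspend-check "MAC of $n changed across suspend"
          done ;;
esac
```

The hook runs after the system has resumed, so it detects a reset after the fact; it does not settle the ordering against NetworkManager that the post raises.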