Commit fae5ecec authored by Thomas Haller

device: change default value for cloned-mac-address to "preserve" (bgo#770611)

Long ago before commit 1b49f941, NetworkManager did not touch the
MAC address at all. Since 0.8.2 NetworkManager would modify the
MAC address, and eventually it would reset the permanent MAC address
of the device.

This prevents a user from externally setting the MAC address via tools
like macchanger and relying on NetworkManager not to reset it to the
permanent MAC address. This is considered a security regression in
bgo#708820.

This only changed with commit 9a354cdc and 1.4.0. Since then it is possible
to configure "cloned-mac-address=preserve", which instead uses the "initial"
MAC address when the device activates.
That also changed that the "initial" MAC address is the address which was
last externally configured on the device. In other words, the
"initial" MAC address is picked up from external changes, unless it
was NetworkManager itself who configured the address when activating a
connection.

However, in the absence of an explicit configuration the default for
"cloned-mac-address" is still "permanent". Meaning, the user has to
explicitly configure that NetworkManager should not touch the MAC address.
It makes sense to change the upstream default to "preserve". Although this
is a change in behavior since 0.8.2, it seems a better default.

This change has the drastic effect that all the existing connections
out there with "cloned-mac-address=$(nil)" change behavior after upgrade.
I think most users won't notice, because their devices have the permanent
address set by default anyway. I would think that there are few users
who intentionally configured "cloned-mac-address=" to have NetworkManager
restore the permanent address.

https://bugzilla.gnome.org/show_bug.cgi?id=770611
parent eb8da4c2
...@@ -7,6 +7,11 @@ This is a new stable release of NetworkManager. Notable changes include: ...@@ -7,6 +7,11 @@ This is a new stable release of NetworkManager. Notable changes include:
* Fix emission of NM-style PropertiesChanged signals and deprecate them * Fix emission of NM-style PropertiesChanged signals and deprecate them
for PropertiesChanged on "org.freedesktop.DBus.Properties" interface. for PropertiesChanged on "org.freedesktop.DBus.Properties" interface.
* Change the meaning of unset "cloned-mac-address" settings from "permanent" to
"preserve". This changes the default value and affects existing connections
during upgrade that did not explicitly configure cloned-mac-address. This
has the effect that externally configured MAC addresses are preserved
by default instead of setting the permanent address (bgo#770611).
============================================ ============================================
NetworkManager-1.4 NetworkManager-1.4
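Review bot: The new NEWS entry says that existing connections without an explicit cloned-mac-address change behavior on upgrade, but it does not say how to keep the old behavior. Add a sentence that setting cloned-mac-address to "permanent" on the connection, or setting ethernet.cloned-mac-address / wifi.cloned-mac-address to "permanent" as a global default in NetworkManager.conf, restores the previous default. The commit message itself calls the effect drastic, so the release note should carry the opt-out.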
......
...@@ -1095,8 +1095,8 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class) ...@@ -1095,8 +1095,8 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
/** /**
* NMSettingWired:cloned-mac-address: * NMSettingWired:cloned-mac-address:
* *
* If specified, request that the device use this MAC address instead of its * If specified, request that the device use this MAC address instead.
* permanent MAC address. This is known as MAC cloning or spoofing. * This is known as MAC cloning or spoofing.
* *
* Beside explicitly specifing a MAC address, the special values "preserve", "permanent", * Beside explicitly specifing a MAC address, the special values "preserve", "permanent",
* "random" and "stable" are supported. * "random" and "stable" are supported.
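Review bot: After dropping "of its permanent MAC address", the first sentence of the property description ends in a dangling "instead" with nothing left to contrast against. Either drop the word ("request that the device use this MAC address") or name the alternative, now that the default is no longer the permanent address. While this comment is being touched, the context line below it has "specifing" for "specifying". The NMSettingWireless hunk carries the same wording and needs the same change.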
...@@ -1107,7 +1107,8 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class) ...@@ -1107,7 +1107,8 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
* the connection's UUID) and a machine dependent key. * the connection's UUID) and a machine dependent key.
* *
* If unspecified, the value can be overwritten via global defaults, see manual * If unspecified, the value can be overwritten via global defaults, see manual
* of NetworkManager.conf. If still unspecified, it defaults to "permanent". * of NetworkManager.conf. If still unspecified, it defaults to "preserve"
* (older versions of NetworkManager may use a different default value).
* *
* On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated * On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated
* "cloned-mac-address". * "cloned-mac-address".
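Review bot: "(older versions of NetworkManager may use a different default value)" is too vague for API documentation, because a reader cannot tell which versions or which value. State it concretely, for example that versions before this change defaulted to "permanent", so that someone reading an unset property against an older daemon knows the device will be reset to its permanent address. The identical sentence in the NMSettingWireless hunk needs the same fix.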
......
...@@ -1337,8 +1337,8 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class) ...@@ -1337,8 +1337,8 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class)
/** /**
* NMSettingWireless:cloned-mac-address: * NMSettingWireless:cloned-mac-address:
* *
* If specified, request that the device use this MAC address instead of its * If specified, request that the device use this MAC address instead.
* permanent MAC address. This is known as MAC cloning or spoofing. * This is known as MAC cloning or spoofing.
* *
* Beside explicitly specifing a MAC address, the special values "preserve", "permanent", * Beside explicitly specifing a MAC address, the special values "preserve", "permanent",
* "random" and "stable" are supported. * "random" and "stable" are supported.
...@@ -1349,7 +1349,8 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class) ...@@ -1349,7 +1349,8 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class)
* the connection's UUID) and a machine dependent key. * the connection's UUID) and a machine dependent key.
* *
* If unspecified, the value can be overwritten via global defaults, see manual * If unspecified, the value can be overwritten via global defaults, see manual
* of NetworkManager.conf. If still unspecified, it defaults to "permanent". * of NetworkManager.conf. If still unspecified, it defaults to "preserve"
* (older versions of NetworkManager may use a different default value).
* *
* On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated * On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated
* "cloned-mac-address". * "cloned-mac-address".
......
...@@ -571,7 +571,7 @@ ipv6.ip6-privacy=0 ...@@ -571,7 +571,7 @@ ipv6.ip6-privacy=0
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>ethernet.cloned-mac-address</varname></term> <term><varname>ethernet.cloned-mac-address</varname></term>
<listitem><para>If left unspecified, it defaults to "permanent".</para></listitem> <listitem><para>If left unspecified, it defaults to "preserve".</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>ethernet.generate-mac-address-mask</varname></term> <term><varname>ethernet.generate-mac-address-mask</varname></term>
...@@ -605,7 +605,7 @@ ipv6.ip6-privacy=0 ...@@ -605,7 +605,7 @@ ipv6.ip6-privacy=0
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>wifi.cloned-mac-address</varname></term> <term><varname>wifi.cloned-mac-address</varname></term>
<listitem><para>If left unspecified, it defaults to "permanent".</para></listitem> <listitem><para>If left unspecified, it defaults to "preserve".</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>wifi.generate-mac-address-mask</varname></term> <term><varname>wifi.generate-mac-address-mask</varname></term>
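Review bot: Both manual entries (ethernet.cloned-mac-address and wifi.cloned-mac-address) only swap the word "permanent" for "preserve" and give no hint that the default changed or what "preserve" does. This is the section where an administrator sets a global default, so each entry should say that "preserve" leaves an externally configured address in place and that setting "permanent" here restores the earlier behavior.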
......
...@@ -11737,8 +11737,8 @@ _get_cloned_mac_address_setting (NMDevice *self, NMConnection *connection, gbool ...@@ -11737,8 +11737,8 @@ _get_cloned_mac_address_setting (NMDevice *self, NMConnection *connection, gbool
a = nm_config_data_get_connection_default (NM_CONFIG_GET_DATA, a = nm_config_data_get_connection_default (NM_CONFIG_GET_DATA,
is_wifi ? "wifi.cloned-mac-address" : "ethernet.cloned-mac-address", is_wifi ? "wifi.cloned-mac-address" : "ethernet.cloned-mac-address",
self); self);
/* default is permanent. */
addr = NM_CLONED_MAC_PERMANENT; addr = NM_CLONED_MAC_PRESERVE;
if (!a) { if (!a) {
if (is_wifi) { if (is_wifi) {
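Review bot: The "/* default is permanent. */" comment above the assignment is deleted rather than updated, so "addr = NM_CLONED_MAC_PRESERVE;" now stands without explanation. Keep a comment stating that the fallback is preserve and referencing bgo#770611, since this assignment is where the new default takes effect when the connection does not set the property.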
......