udev: when random MACs are requested, generate them with genuine randomness

This is a security feature, and we thus shouldn't derive the random MACs
from a potentially guessable source. MAC addresses are after all facing
to the outside, and can be interacted with from untrusted environments.
Hence, let's generate them the same way as we generate UUIDs: from
getrandom() or /dev/urandom, and optionally with RDRAND if that's
supported.

RDRAND should be fine, since this is not cryptographic key material, but
ultimately public information. We just want to make sure conflicts are
not likely.

Previously we'd generate the MACs via rand(), which means given the
short seed they are a little bit too guessable, making collisions too
likely. See #14355 in particular.

Fixes: #14355
(Note that #14355 was already fixed by
a0f11d1d11a546f791855ec9c47c2ff830e6a5aa, but I think we should do
better even, and not rely on rand() and uninitialized random pools)

diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 4d7293fd7d847018750757e5088151b25d9f0eb1..75c2aec491ee1e7c42a545bbb71d5347df9b5db3 100644 (file)
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -328,7 +328,11 @@ static int get_mac(sd_device *device, MACAddressPolicy policy, struct ether_addr
 
         if (want_random) {
                 log_device_debug(device, "Using random bytes to generate MAC");
-                random_bytes(mac->ether_addr_octet, ETH_ALEN);
+
+                /* We require genuine randomness here, since we want to make sure we won't collide with other
+                 * systems booting up at the very same time. We do allow RDRAND however, since this is not
+                 * cryptographic key material. */
+                genuine_random_bytes(mac->ether_addr_octet, ETH_ALEN, RANDOM_ALLOW_RDRAND);
         } else {
                 uint64_t result;