Subject: Re: exporting hardware "system ID" by sysctl
To: Joerg Sonnenberger <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 10/17/2007 20:58:25
On Wed, 17 Oct 2007 22:07:26 +0200
Joerg Sonnenberger <firstname.lastname@example.org> wrote:
> On Wed, Oct 17, 2007 at 03:54:50PM -0400, Thor Lancelot Simon wrote:
> > I'd like to export a hardware "system ID" by sysctl (this would also
> > export system type information where available). Actually, though,
> > I'd like to export several, since many current systems have a
> > number of such IDs.
> If you really want to do this, I think a separate sysctl should exist
> to restrict it to privileged processes. See the long discussions
> about the P3 serial number.
Hmm, I'm not convinced about this one. There tend to be other
effectively-unique IDs, such as MAC addresses; I'm not sure that
locking down just this set helps much. (Aside: the P3 issue wasn't
real. Anyone who had enough access to query the CPU serial number
had enough access to find lots of other serial numbers, including the
set that Thor would like.)
It would help this part of the discussion, I think, if I understood
better how the information would be used. What programs or daemons
would query it? Would they run as root?
--Steve Bellovin, http://www.cs.columbia.edu/~smb