/etc/machine-id is confidential but world-readable

nrj · January 26, 2021, 12:50am

This ID uniquely identifies the host. It should be considered
“confidential”, and must not be exposed in untrusted
environments, in particular on the network. If a stable unique
identifier that is tied to the machine is needed for some
application, the machine ID or any part of it must not be used
directly. Instead the machine ID should be hashed with a
cryptographic, keyed hash function, using a fixed,
application-specific key. That way the ID will be properly
unique, and derived in a constant way from the machine ID but
there will be no way to retrieve the original machine ID from the
application-specific one. The
sd_id128_get_machine_app_specific(3) API provides an
implementation of such an algorithm.

But on my NixOS it seems to be world-readable. Should this be changed?

On my machine, Pulseaudio seems to be accessing that file very frequently, but it has a fallback behavior if that file is not available.

hmenke · January 26, 2021, 10:08am

I quickly checked a few non-NixOS systems I have access to and on all of them /etc/machine-id is world-readable.

nrj · January 26, 2021, 9:52pm

The machine-id is actually written into all of the world-readable /boot/loader/entries/ as well.

nrj · January 26, 2021, 10:00pm

The networking.hostId docs suggest using head -c 8 /etc/machine-id “to ensure when using ZFS that a pool isn’t imported accidentally on a wrong machine.” but there is actually an API for getting application-specific machine keys: sd_id128_get_machine_app_specific().