On Tue, 08.11.16 16:49, Stephen Gallagher (sgallagh@xxxxxxxxxx) wrote:

> For as long as I can recall, Fedora has shipped with a default hostname of
> "localhost.localdomain"[1]. This default was "safe" for a very long time because
> we also shipped an /etc/hosts entry that routed this hostname to the loopback
> device for the benefit of some older system services (like sendmail).
>
> However, having the default be the same on all systems introduces other
> problems, notably with regards to acting as a client to FreeIPA or Active
> Directory domain controllers.
>
> When enrolling with one of these DCs, the machine's current hostname (up to the
> first dot) is used to uniquely identify the machine into the domain. If the
> machine's hostname is not unique in that domain, the enrollment will either fail
> or the machine will take over that name (depending on the server-side
> implementation). Neither case is likely to be what the user intended.
>
>
> Some information on competing platforms:
>
> Windows deals with this for its systems by assigning all new machines a
> random hostname of the form WIN-XXXXXXXXXXX (that's a strict count of 11 random
> characters of either capital letters or decimal numerals after the WIN- prefix).
> This is because there is a 15-character maximum limit on the machine-name in
> Active Directory, after which it is simply truncated (which is a bad behavior,
> but one we have to deal with).
>
> Mac OS X and Ubuntu both require the user to pick a machine name at install time
> explicitly. They do not autogenerate one at all.
>
> SUSE generates a random name of the format linux-XXXXXX (I'm not sure how many
> random characters).
>
>
> My proposal is that we should consider changing the default hostname for Fedora
> 26 to be either FED-XXXXXXXXXXX or FEDORA-XXXXXXXX.
> The former allows for a longer random string and therefore lower risk of
> collision in large environments, while the latter would also provide improved
> branding for Fedora[2]. Our default BASH shell prompt includes the current
> machine's hostname.
>
>
> Thoughts on how to generate these random strings are of course up for
> discussion. Given that initial machine creation may have limited available
> entropy, we may want to avoid just calling out to /dev/random. Dusty Mabe
> suggested on IRC that one option might be to use either the first or last
> 8/11 characters from /etc/machine-id, since presumably those would be
> sufficiently random.

Other operating systems, notably security-focussed ones like ChromeOS,
go the other way, and try to remove as many identifiers as possible
that could be used to track users. In fact, at LPC we discussed even
making /etc/machine-id an optional concept in that context, so that
there really would not be any useful local ID that could leak to
external systems.

I must say I sympathise with the ChromeOS approach there, I think it
would make sense to default to a more secure default in this regard,
rather than opening this all up.

Now, I can see that it is useful for systems that install the IPA
client to behave differently here, and use some better hostname for
them, but I think this should only happen on those systems: I think a
good solution would be to continue to use "localhost" as the Fedora
default hostname, but make the IPA enrollment code smart enough, so
that it recognizes that "localhost" is not useful as a public hostname
(it really should know this anyway!), and if it sees that,
automatically changes the hostname to something more useful for IPA
clients. (changing the hostname in this case is easy, there's a
friendly bus API for that in hostnamed)

Hence, please keep this specific to IPA clients, don't let this leak
into the Fedora defaults.

(Also, please do not leak /etc/machine-id as it is — or any parts of
it — into identifiers that are passed onto the untrusted networks, in
particular as suffixes of hostnames. Instead, hash it with some
cryptographic, keyed hash function, and use a fixed,
application-specific key. That way the ID will be properly unique, and
is derived in a constant way from the machine ID but there's no way to
derive the original machine ID from the app-specific one. I figure
this recommendation should be added to the man page.)

Lennart

-- 
Lennart Poettering, Red Hat
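
The derivation recommended in the message above, sketched as an added example that is not part of the original message or of any Fedora, systemd or FreeIPA code. HMAC-SHA256 stands in for the "keyed hash function"; `APP_KEY`, the sample machine ID and the helper names are constructed for illustration, while the `FED-` prefix and the 15-character limit come from the quoted proposal.

```python
import hashlib
import hmac

# Constructed values for illustration; neither is from the original message.
APP_KEY = b"example.org/ipa-enroll-hostname/v1"  # fixed, application-specific key
SAMPLE_MACHINE_ID = "3f2a9c41d07b4e6a8c15b9e2f4a6d803\n"  # shape of /etc/machine-id

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
MAX_NAME_LEN = 15  # Active Directory machine-name limit quoted in the thread


def parse_machine_id(text):
    """Return the 16 raw bytes of a machine ID given as 32 lowercase hex chars."""
    s = text.strip()
    if len(s) != 32 or any(c not in "0123456789abcdef" for c in s):
        raise ValueError("malformed machine ID")
    return bytes.fromhex(s)


def app_specific_id(machine_id, app_key=APP_KEY):
    """Keyed hash of the machine ID: constant for a given machine and key,
    different for every application key, and never the raw ID itself."""
    return hmac.new(app_key, machine_id, hashlib.sha256).digest()


def hostname_from_id(app_id, prefix="FED-"):
    """Encode the derived ID as prefix plus [A-Z0-9] characters, 15 in total."""
    count = MAX_NAME_LEN - len(prefix)
    if count < 1:
        raise ValueError("prefix leaves no room for the unique part")
    value = int.from_bytes(app_id, "big")
    chars = []
    for _ in range(count):
        # Peel off base-36 digits; the 256-bit input makes modulo bias negligible.
        value, digit = divmod(value, len(ALPHABET))
        chars.append(ALPHABET[digit])
    return prefix + "".join(chars)


if __name__ == "__main__":
    mid = parse_machine_id(SAMPLE_MACHINE_ID)
    print(hostname_from_id(app_specific_id(mid)))
    # A different application key yields an unrelated name for the same machine.
    print(hostname_from_id(app_specific_id(mid, b"some-other-application")))
```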