| 1 |
Arun Raghavan wrote: |
| 2 |
>> We could use such an identifier to identify repeated submissions |
| 3 |
>> (users should send in more up to date again later) and handle |
| 4 |
>> some kind of "database pollution" attacks. We wouldn't catch |
| 5 |
>> attackers that change their MAC before submission. |
| 6 |
> |
| 7 |
> Not sure how you can deal with this. How does Smolt or Debian's thing |
| 8 |
> deal with it? |
| 9 |
|
| 10 |
About Debian popcon: |
| 11 |
|
| 12 |
The file |
| 13 |
|
| 14 |
/etc/popularity-contest.conf |
| 15 |
|
| 16 |
contains a key MY_HOSTID which is initialized during package |
| 17 |
installation through this code: |
| 18 |
|
| 19 |
generate_id() { |
| 20 |
if [ -x /usr/bin/uuidgen ] ; then |
| 21 |
MY_HOSTID=`uuidgen | tr -d -` |
| 22 |
else |
| 23 |
MY_HOSTID=`dd if=/dev/urandom bs=1k count=1 2>/dev/null \ |
| 24 |
| md5sum | sed 's/ -//'''` |
| 25 |
fi |
| 26 |
} |
| 27 |
|
| 28 |
The result is a 32 digit hex string. On submission, data for that |
| 29 |
host ID is replaced by the new set of data. |
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
Sebastian |
Archives