UUIDs and Device Mapper Info in garuda-inxi Sensitive Information

@SGS

I cannot verify your conclusion in the other thread regarding garuda-inxi not containing sensitive information or even UUIDs.

I checked it using garuda-inxi | grep -i UUID and several entries are showing that the script outputs device mapper information and multiple UUIDs. Therefore not necessarily required information is collected (but not transmitted!), if required to obtain help in the forums, it would be a violation of EU GDPR and the US Privacy Act. You would be forcing users to reveal more than absolutely necessary, in conflict with the mentioned laws.

Screenshot:

It may be worth it to develop a wrapper using Python (or any other language of your preference) to aggregate the information into stages that can be triggered by using flag parameters (to tailor it to necessary information collection only) and e.g. for the monitors to a summary like “[n] monitors are being used” or “single monitor”.

I’d recommend Python, it is easy to use on strings, and it is by default installed. Adding parameters and flags processing to it is easier, as there is a framework for doing that, next to the better readability and maintainability.

The current collector is written in bash, which can be verified using nano /bin/garuda-inxi or vim /bin/garuda-inxi. It looks great!

Thank you very much for your great work, I love the distro.

Your mistrust is honorable, but it can also be exaggerated.


UUID stands for Universally Unique IDentifier of a partition. This ID is used in several different places to identify the partition. The most common place is /etc/fstab.

The UUID does not provide any information, it only distinguishes the drives internally and can be changed at any time.

3 Likes

Trust increases by transparency and carefully considering the environment and the decisions. Search Engines won’t help you with the required portion of the full-picture’s understanding.

When shit hits the fan “Downplayers” tend to learn fast, especially when they have not learned before. For example, ask the people at Microsoft (e.g. Windows Error Reporting collection, Printer Nightmare, Eternal Blue, UAC Bypasses, “Double File Extension” etc).

The UUID does not provide any information, it only distinguishes the drives internally and can be changed at any time

True, UUIDs are system specific unique identifiers. GUIDs on the other hand are global. But that makes them interesting for the best attackers.

As users are changing hardware rarely, and routine new installations are not for the average users’ mind, there is a very high possibility that we can compare those UUIDs to a system and we can search for users with that UUID, AND we can link a UUID to a user well enough using our average Search Engine or a custom-built search engine for that purpose.

Attackers are eager to obtain various information and connecting them, whether it is software versions to compare it to previously crafted, stolen or collected exploits, or identifying high value victims by using their openly provided system information e.g. on your forums.

Once a victim is infiltrated it is very easy to leverage that information either for target identification or for privilege escalation (e.g. using Social Engineering), as you may just look up the interests of the forums user connected to that UUID, or building up your campaign on the hardware the user has.

Connecting the systems with the individuals, and eventually their identity, as we all are using E-Mail addresses or other contact info on the forums, is another serious concern, it can be used by malicious actors as well. Not only Social Engineering and so on.

As you can see, of course, this is a privacy and a security issue.

We should be aware that such collection of PII under GDPR or Privacy Act is probably illegal, especially as a “mandatory” forum requirement, to obtain help, as stated by yourself previously.

Whoever has your IP or other data certainly doesn’t need your PC data, trust me :smiley:

I don’t intend to deal with your problems any further.

3 Likes

I can very well understand your point of view about publishing as little information as possible on the wild_wild_web.

But if someone needs help here, it is important that potential helpers have all the important system information available. And I think that garuda-inxi is a good compromise between privacy and useful information.

btw: What you have written here so far reveals more about you than a garuda-inxi… :wink:

7 Likes

If you had put your energy for these posts into finding your last problem, we would have been spared a lot of your conspiracy theories.
As mentioned in the template, queries should only be posted after an unsuccessful search, if you don’t stick to this, you should also expect your post to be moved to 412 Precondition Failed

3 Likes

I have to ask: why did you redact 90% of your garuda-inxi? I’ve posted mine here so many times :smiley: Now I’m worried :smiley:

1 Like

You say:

your conspiracy theories

Whose quote is that?

Whoever has your IP or other data certainly doesn’t need your PC data, trust me :smiley:

I am sorry for asking, because I thought it is faster to ask the people who work on it after I have spent a bit to figure out solutions, rather than trying to waste more time on it.

That’s not how we work here on the forum, why should we waste any more time on your problems?

You are smart enough to solve your own problems.

Much luck.

1 Like

Maybe I am too simplistic, but, considering our distro as small, made by volunteers, in their spare time, following their tastes, etc., I always tend to think “upstream”.
garuda-inxi is based on inxi, adds quite a few (important) things but is basically an inxi -Faz where we already use the z flag (Adds security filters for IP addresses, Mac, location (-w), and user home directory name).

See also the man page
[man inxi (1): Command line system information script for console and IRC]

PRIVACY AND SECURITY
In order to maintain basic privacy and security, inxi filters out automatically on IRC things like your network card mac address, WAN and LAN IP, your /home username directory in partitions, and a few other things.

Because inxi is often used on forums for support, you can also trigger this filtering with the -z option (-Fz, for example). To override the IRC filter, you can use the -Z option. This can be useful to debug network connection issues online in a private chat, for example.

If anyone is interested in making proposals (MR), our gitlab is accessible and the script is here:

That being said, reasoning “upstream”, this job would be better directed to the inxi project itself, to be used by the whole community.

8 Likes
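
The pre-posting filter idea raised in this thread, as an added example that is not part of any post and is not code from garuda-inxi or inxi: it replaces each UUID in pasted output with a stable placeholder, so helpers can still see which entries refer to the same device. The function name `redact_uuids` and the sample lines are constructed for illustration and are not real garuda-inxi output.

```python
import re
import sys

# Canonical 8-4-4-4-12 hex form used for filesystem and LUKS UUIDs.
UUID_RE = re.compile(
    r"\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b"
)
# Short FAT-style volume IDs ("ABCD-1234"), matched only after a UUID key
# so that ordinary version strings are left alone.
SHORT_RE = re.compile(r"(?i)((?:PART)?UUID[=:]\s*)([0-9A-F]{4}-[0-9A-F]{4})\b")

# Constructed sample input (assumption: kernel parameters and mapped
# device names are where the identifiers show up).
SAMPLE = """\
parameters: root=UUID=1a2b3c4d-0000-4111-8222-333344445555 rw quiet
  rd.luks.uuid=9f8e7d6c-aaaa-4bbb-8ccc-ddddeeeeffff
ID-1: / fs: btrfs dev: /dev/dm-0 mapped: luks-9F8E7D6C-AAAA-4BBB-8CCC-DDDDEEEEFFFF
ID-2: /boot/efi fs: vfat uuid: ABCD-1234
"""


def redact_uuids(text):
    """Return (redacted_text, mapping) with one placeholder per distinct UUID."""
    seen = {}

    def placeholder(value):
        key = value.lower()  # the same UUID may appear in either case
        if key not in seen:
            seen[key] = f"<uuid-{len(seen) + 1}>"
        return seen[key]

    text = UUID_RE.sub(lambda m: placeholder(m.group(0)), text)
    text = SHORT_RE.sub(lambda m: m.group(1) + placeholder(m.group(2)), text)
    return text, seen


if __name__ == "__main__":
    # Piped input is filtered; run without a pipe to see the sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    redacted, mapping = redact_uuids(source)
    sys.stdout.write(redacted)
    print(f"# {len(mapping)} distinct UUID(s) replaced", file=sys.stderr)
```

The mapping stays on the local machine, so the original values can be looked up again if a helper asks about a specific placeholder.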

No, as I wrote

Only you.

2 Likes

Thank you for sharing, and if I got some spare time to focus on that, I will propose it. But I think the basic idea itself, is probably a fair enough contribution as well, for now.

Working together also includes providing necessary information and following guidelines. I don’t see a reason to argue against that. Either you follow them or not, it’s simple. Arguing against that wastes further precious free time of our volunteers.

7 Likes

Please fill out and send to Santa Claus:

I am a troll
I am ChatGPT
Both

Protip for you: follow the white rabbit.

4 Likes

If you were actually in the “security community” you wouldn’t be so clueless.

4 Likes