[Insight-developers] gdcmUtil.cxx polling for a MAC Address

Stephen Aylward Stephen.Aylward at Kitware.com
Thu Apr 10 11:03:40 EDT 2008


After the freeze is fine.

We can modify our local version for the customer until then.

Thanks,
Stephen

On Thu, Apr 10, 2008 at 9:37 AM, Mathieu Malaterre
<mathieu.malaterre at gmail.com> wrote:
> Hi Stephen,
>
>
>  On Thu, Apr 10, 2008 at 3:25 PM, Stephen Aylward
>  <Stephen.Aylward at kitware.com> wrote:
>  > On Thu, Apr 10, 2008 at 9:08 AM, Mathieu Malaterre
>  >  <mathieu.malaterre at gmail.com> wrote:
>  >  >  > This is of concern because asking for something like a mac address may be
>  >  >  > considered a security risk by our customer...
>  >  >
>  >  >  I will not enter too much into the subject, but they are using open
>  >  >  source software after all ;-P
>  >  >  And as a side note, there is a much much easier solution to avoid this
>  >  >  'security risk', and it's called mac address spoofing.
>  >
>  >  Hi - just to clarify - for certain software delivered to the DOD, they
>  >  will run it on a test machine before running it on their secure
>  >  computers.   If they notice any "odd" behavior on the test machine,
>  >  they will not approve the software for installation on their secure
>  >  machines.   Note that they do not look at source code; they just
>  >  monitor the software's activity (I know few details about what this
>  >  exactly means).
>
>  Sweet! I love those black box approaches. It's so much easier to
>  do that rather than go through the entire VTK + ITK + CMake source
>  code :)
>
>
>  > Well, not surprisingly, it causes red flags to have
>  >  a visualization program, that we said did not use the network, to
>  >  spontaneously post an error message about a MAC address not being
>  >  found because of no active internet card.   While we know it isn't a
>  >  security risk, it is easy to see how other folks could perceive this
>  >  as "suspicious."
>
>  Ok, makes perfect sense now.
>
>
>  >  It would be great if we could have a developer optionally specify a
>  >  key via cmake instead of always using the MAC address.   If no key is
>  >  given, then it would be ok to fall back to the MAC address.  If a key
>  >  is given, then no MAC address is requested.
>
>  BTW, before I forget, Patrick, it is NOT ok to replace it with an empty
>  string, because the UID will contain '12345..6789' and you are not
>  allowed to have '.' without any component in between. At least put a
>  number [1-9]
>
>  I think I know how to implement a proper patch, because we save room
>  (~13 bytes) not using the MAC address, I replace that with a random
>  number. Hopefully people replacing the MAC address implementation with
>  the large random number offer some kind of hardware implementation
>  (like /dev/urandom). Ref:
>
>  http://gdcm.svn.sourceforge.net/viewvc/gdcm/trunk/Utilities/uuid/gen_uuid.c?view=markup
>
>  Can this be done after the ITK freeze?
>
>  Regards,
>  --
>  Mathieu
>



-- 
Stephen R. Aylward, Ph.D.
Chief Medical Scientist
Kitware, Inc. - Chapel Hill Office
http://www.kitware.com
(518) 371-3971 x300
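
Added example, not part of the original thread and not GDCM's own code: building a UID whose node component comes from /dev/urandom instead of a MAC address, with a check that rejects the empty component ('12345..6789') warned about above. The root `1.2.3.4`, all function names, and the 64-character and leading-zero checks (taken from the DICOM UID rules) are assumptions not stated in the thread.

```cpp
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <string>

// DICOM UID rules assumed here: digits and '.', at most 64 characters,
// no empty component, no leading zero in a multi-digit component.
bool is_valid_uid(const std::string& uid) {
    if (uid.empty() || uid.size() > 64) return false;
    std::size_t start = 0;
    while (true) {
        std::size_t dot = uid.find('.', start);
        std::size_t end = (dot == std::string::npos) ? uid.size() : dot;
        if (end == start) return false;  // empty component, e.g. "12345..6789"
        if (end - start > 1 && uid[start] == '0') return false;
        for (std::size_t i = start; i < end; ++i)
            if (uid[i] < '0' || uid[i] > '9') return false;
        if (dot == std::string::npos) return true;
        start = dot + 1;
    }
}

// Hypothetical helper: turn the 6 node bytes (the slot the MAC address used
// to fill) into one decimal component, forced non-zero so it is never empty.
std::string node_component(const unsigned char node[6]) {
    std::uint64_t v = 0;
    for (int i = 0; i < 6; ++i) v = (v << 8) | node[i];
    if (v == 0) v = 1;
    return std::to_string(v);
}

// Fill the node from the OS random source; no network interface is queried.
bool random_node(unsigned char node[6]) {
    std::ifstream rng("/dev/urandom", std::ios::binary);
    return static_cast<bool>(rng.read(reinterpret_cast<char*>(node), 6));
}

// Returns an empty string when the assembled UID would break the rules above.
std::string make_uid(const std::string& root, const unsigned char node[6], std::uint64_t serial) {
    std::string uid = root + "." + node_component(node) + "." + std::to_string(serial);
    return is_valid_uid(uid) ? uid : std::string();
}

int main() {
    unsigned char node[6];
    if (!random_node(node)) return 1;
    std::printf("%s\n", make_uid("1.2.3.4", node, 1).c_str());  // constructed root
    return 0;
}
```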

