Opened 4 years ago

Last modified 5 months ago

#12411 reopened defect

Orbot broke using DNSPort

Reported by: isis
Owned by: n8fr8
Priority: Medium
Milestone:
Component: Applications/Orbot
Version:
Severity: Blocker
Keywords: orbot-14.0.3.1, orbot-14.0.4, wtf, software-engineering
Cc: isis, mikeperry, n8fr8
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Orbot 14.0.3.1 completely breaks networking if you have firewall scripts that don't allow leaks.

THIS MEANS THAT ORBOT IS LEAKING LIKE THE FUCKING PENTAGON PAPERS, EXCEPT NOT IN A GOOD WAY.

This is because Orbot (as of 14.0.3.1 and later) sets `DNSPort 0`, which disables tor's DNSPort entirely. This means that people who use iptables scripts outside of Orbot (as described in Mike Perry's recent blog post) to redirect UDP DNS traffic to the DNSPort cannot do so. It also means that every other application will leak traffic all over the place.

Currently, the only way to fix this mess is to force stop and uninstall Orbot, download an older (14.0.1) .apk onto another device, and copy it over manually to the broken one to reinstall it. This is ridiculous. You're practically bricking people's devices, and you're forcing them to jump through extreme hoops to preserve their anonymity.

Child Tickets

Change History (6)

comment:1 Changed 4 years ago by n8fr8

Resolution: fixed
Status: new → closed

Nothing is leaking. DNS might not be resolving for apps expecting it on localhost:5400 but why would that cause a leak?

Most users rely on Orbot's built-in transproxy support. This is enabled by granting Orbot root and enabling the transproxy option. If you do this, it will turn on TransPort and DNSPort. You do not need to turn on the everything or app-by-app options.

It is two taps to enable this. Any user who has followed Mike's instructions is likely capable of tapping twice.

Orbot now supports custom torrc entries via Orbot Settings menu near the bottom. You can set whatever entries you would like there.

The reason we disabled the ports by default is related to issues with Samsung devices and port conflicts. We will reconsider having these ports back on by default with an easy option to turn them off for users who don't need them.

comment:2 Changed 4 years ago by mikeperry

Resolution: fixed
Status: closed → reopened

Actually, my blog post instructions explicitly say not to give Orbot root right now. I wanted to avoid this, because it was unnecessary and an additional security risk.

Moreover, the custom torrc entries dialog you suggest is broken for this use case. Because Orbot now sets DNSPort and TransPort explicitly to 0 in its torrc, the user cannot override them in the same torrc file. If you add "TransPort 9040" in the "Torrc Custom Config" field in Orbot, tor will no longer start. Try it out.

I think the right way to do this is as Isis suggested in #12413. If you start tor with --defaults-torrc pointing to your torrc, and then place the "Torrc Custom Config" values in a second torrc.custom file, those user values will then properly override anything from the main torrc.

I don't think this can be called fixed until we have some way for people to enable these settings without giving Orbot root. I'd also like a way to script these settings from the HOWTO, so it can automatically override the Orbot default values to keep the installation simple. This is also currently impossible right now, though #12413 would help accomplish it.

In fact, people who followed my howto are upgrading to Orbot 14.04 and probably scratching their heads wondering why their tablet's network access completely stopped working. That's kind of bad, and probably why Isis's description is so ragetastic. When it hit me, I was also rather confused, and it was not easy to downgrade to a working Orbot either.
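A small model of the precedence Mike describes, added here as an example that is not part of the ticket or of Orbot's code. It assumes two documented Tor rules: options in the main torrc replace the same option from the `--defaults-torrc` file, and a port option set to `0` alongside a nonzero value for the same option in one configuration is rejected. The sample torrc contents are constructed for the example; other torrc syntax (`+`/`/` prefixes, `%include`) is ignored.

```python
# Model of Tor's config precedence for the two layouts discussed in the ticket.
PORT_OPTIONS = {"DNSPort", "TransPort", "SocksPort"}


def parse_torrc(text):
    """Parse torrc text into {option: [value, ...]}; values for one option accumulate.
    Comments and blank lines are skipped; option names are case-insensitive in Tor,
    so the port options are normalised to their canonical spelling."""
    canon = {o.lower(): o for o in PORT_OPTIONS}
    values = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, val = line.partition(" ")
        values.setdefault(canon.get(key.lower(), key), []).append(val.strip())
    return values


def check_port_option(option, vals):
    """Tor refuses 'XPort 0' together with a nonzero XPort in the same configuration."""
    tokens = [v.split(None, 1)[0] if v else "" for v in vals]
    if "0" in tokens and any(t not in ("", "0") for t in tokens):
        raise ValueError(f"{option}: '0' and a nonzero port in the same configuration")
    return vals


def effective_config(defaults_text, torrc_text):
    """Merge --defaults-torrc and the main torrc: the main torrc wins per option."""
    merged = parse_torrc(defaults_text) if defaults_text else {}
    merged.update(parse_torrc(torrc_text))  # replace, not extend, per option
    for opt in PORT_OPTIONS & merged.keys():
        check_port_option(opt, merged[opt])
    return merged


# Constructed sample: what Orbot 14.0.3.1 writes, and what a user types into
# "Torrc Custom Config" to follow the transproxy HOWTO (DNSPort 5400, TransPort 9040).
ORBOT_DEFAULTS = "DNSPort 0\nTransPort 0\n"
USER_CUSTOM = "TransPort 9040\nDNSPort 5400\n"


def single_file_result():
    """Current Orbot layout: custom entries appended to the same torrc -> tor refuses."""
    try:
        effective_config(None, ORBOT_DEFAULTS + USER_CUSTOM)
        return "started"
    except ValueError as err:
        return f"refused: {err}"


def two_file_result():
    """Proposed layout: Orbot's values via --defaults-torrc, custom file as main torrc."""
    return effective_config(ORBOT_DEFAULTS, USER_CUSTOM)
```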

comment:3 Changed 4 years ago by n8fr8

Should the user specify the torrc custom config file in the Orbot settings, or should we put it in a standard place by default? The issue I see with that approach is that if they are in general read/write storage (like /sdcard etc), then any app can modify them.

comment:4 Changed 4 years ago by n8fr8

comment:5 in reply to: 3 Changed 4 years ago by n8fr8

Replying to n8fr8:

Should the user specify the torrc custom config file in the Orbot settings, or should we put it in a standard place by default? The issue I see with that approach is that if they are in general read/write storage (like /sdcard etc), then any app can modify them.

Sorry, I understand what you mean now. Thanks.

comment:6 Changed 5 months ago by Samari

Severity: Blocker