Opened 6 years ago

Last modified 4 months ago

#14947 new defect

Torbrowser 4.0.3 lacks required "user_pref" preferences of TorButton on fresh extension's installation.

Reported by: johnakabean Owned by: tbb-team
Priority: Low Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-torbutton, gitlab-tb-torbutton
Cc: mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


This may be hard to reproduce but start tor browser with a blank profile, an EMPTY folder and run "firefox.exe -p" to create it, copying the "extensions" folder to that profile from the tor browser bundle "tor browser\data\browser\profile.default\extensions..." so that it adds https-everywhere, noscript, and torbutton back in the profile.

When torbutton installs itself, it doesn't add the following settings as user_pref's:

  • extensions.torbutton.socks_remote_dns [true/false]
  • extensions.torbutton.saved.socks_remote_dns [true/false]
  • extensions.torbutton.custom.socks_remote_dns [true/false]
  • extensions.torbutton.custom.socks_version [4/5]
  • extensions.torbutton.socks_version", [4/5]
  • (extensions.torbutton.saved.socks_version does get installed)

I understand the reason these settings may not be there at first is because no one has configured torbutton to have any "custom" settings; however, when someone does specify custom custom proxies in tor button, they don't get put there at that time either.

These settings should be put in torbrowser when torbutton installs/reinstalls itself; they can even be left set as NULL until they are configured/used by tor button.

By not doing so, it can cause torbrowser (firefox.exe itself) to panic and have a hard time making connections in ssl, specifically, and cause these SSL connections to time out. It will also cause connections in standard http to crawl while causing torbutton to not have control of the connection settings in tor browser without hitting "restore defaults" in torbutton. 

As said, for testing, there are no other extensions than noscript,torbutton, and https-everywhere. Flash was set to "always ask" (thus diabling option in torbutton to 'disable Plugins') along with private mode (first option in torbutton preferences) NOT being enabled. Other than setting custom proxies in torbutton, not one other setting is changed from default in tor brower or tor button.

Torbutton settings are set to redundantly use either one of the five running tor NT services remotely over the lan on the domain controller, automatically load balanced by the domain contollers. Whether or not the client work stations utilize tor brower, they all use tor for tunneling recursive lookups to the root nameservers. Tor's dns server function are listening on port 153 and forwarded queries by the real dns server for the domain.

I understand this is not how people normally use tor browser, having a clean profile instead of using the one that comes with tor browser bundle and accessing tor's client services over the lan, not running tor.exe locally; however, this is for RFC whitepaper purposes for deploying tor browser over a domain. You always make it uniform for deployment to work in the scenarios you don't expect it to; I already have another ticket open for tor browser itself not wanting to parse windows variables, in order to deploy this over the windows domain.

So, all it takes for this bug is someone creating a new profile using torbrowser in their windows user profile (once we hopefully get the other bug fixed to allow the use of "%profile%" in the profiles.ini path) and our domain controller copying a $h/preferences/extension_overrides.js from our default skeleton (so that they will be able to use our tor services), along with the 3 default extensions to $h/extensions. Then, because preferences torbutton looks for to modify and then copy over to torbrowser's preferences are missing, those preferences of torbrowser don't get created and, thus, seem to cause torbrowser to have intermittent connection problems.

When first starting torbrowser and configuring it as described above (and attached below), it won't resolv dns. When you clear cache and restart it to try to remedy any issues with cache, it resolves dns but now takes a while, along with crawling connections, even when the connection is set in tor button/firefox OR the proxy server to bypass tor for that specific domain (i.e. lan web server).

Fixing this should be as simple as making tor button install the settings defined above and, as said, they can even be set to null or anything you like, just as long as they're there.

Child Tickets

Attachments (2)

prefs.js (5.8 KB) - added by johnakabean 6 years ago.
Torbrowser DEFAULT prefs.js WITHOUT fix and with bug.
extension-overrides.js (5.2 KB) - added by johnakabean 6 years ago.
Default overwrite preferences.

Download all attachments as: .zip

Change History (10)

Changed 6 years ago by johnakabean

Attachment: prefs.js added

Torbrowser DEFAULT prefs.js WITHOUT fix and with bug.

Changed 6 years ago by johnakabean

Attachment: extension-overrides.js added

Default overwrite preferences.

comment:1 Changed 6 years ago by johnakabean

Priority: criticalmajor
Summary: Torbrowser lacks required "user_pref" preferences of TorButtonTorbrowser 4.0.3 lacks required "user_pref" preferences of TorButton on fresh extension's installation.

comment:2 Changed 6 years ago by johnakabean


Last edited 6 years ago by johnakabean (previous) (diff)

comment:3 Changed 6 years ago by gk

Component: TorbuttonTor Browser
Keywords: tbb-torbutton added; torbutton tor button tor browser tor browser 4.0.3 firefox extension preferences tor browser preferences pref user_pref removed
Owner: set to tbb-team
Priority: majorminor

I am inclined to mark this as WONTFIX but maybe I am not understanding the use case here good enough. Anyway, note that we hide the Torbutton proxy settings panel starting with the 4.5a4.

comment:4 Changed 6 years ago by mcs

There is a lot of information in this ticket but I do not understand what is broken.

If you create a profile that looks exactly like the one that we bundle with Tor Browser, everything should work exactly like it does with the bundled profile (profile.default). We rely on the default preferences that we build into the browser as well as the ones that are included in the profile via extension-overrides.js.

I tried that by doing the following with Tor Browser 4.0.3 and everything appeared to work fine:
1) Ran firefox -p, created a new profile, did not start the browser.
2) Copied the extensions and preferences directories from profile.default to the new profile.
3) Started Tor Browser using the new profile.

And a request: please respond when Tor engineers ask for clarification (for example, see my questions in ticket:14795#comment:1)

comment:5 Changed 6 years ago by mcs

Cc: mcs added

comment:6 Changed 6 years ago by johnakabean

when you use torbrowser freshly unzipped, yes it seems to work perfect but if, for some reason, you need to reset torbutton and/or tor browser preferences, torbutton will not reinstall the preferences related to socks version and remote dns in a fresh, default "firefox" profile. Like I said, to reproduce, start tor browser with '-p' flag and create a fresh profile in a new location. Install torbutton using the xpi file in the original profile that came with tor browser; when it gets installed, it will add proxy options but not the ones outlined in the original post above.

By not doing so, for some reason it can cause tor button to lose ability to change the proxy settings of the browser along with making the browser have intermittent connection problems (every 2nd and 3rd connection to time out, get reset, or fail resolution.

I found this was the cause when I noticed the above settings were missing from prefs.js along with being missing from 'preferences\extension_Overrides.js' and added them to prefs.js; after ONLY adding these preferences and setting them, I regrew the hair I had pulled out over the last 3 days, blaming everything else :) I thought other plugins were causing the issue or whatever; I constantly reset tor browser to default profile againt, utilizing trial and error to narrow down the issue.

You should not have done step 2 of MCSs instructions but only installed torbutton's xpi as if you had downloaded it off a site (even though it doesn't come separate anymore). After you do "firefox -p" and created new profile, START tor browser and just drag the .xpi of torbutton to the browser to have the browser set up everything.

The scripts inside the xpi file fail to setup the preferences I mentioned in the original post.

Even though torbrowser comes with torbutton setup correctly [the above preferences NOT missing], this "rfc standard" functionality is needed of torbutton so that torbrowser can be deployed over a domain with active directory. This is so the domain users can generate their own profiles and for reason we don't know would need it to work right in the future.

Last edited 6 years ago by johnakabean (previous) (diff)

comment:7 Changed 3 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:8 Changed 4 months ago by gk

Keywords: gitlab-tb-torbutton added

Add magic gitlab keyword.

Note: See TracTickets for help on using tickets.