Opened 4 years ago

Closed 2 years ago

#16161 closed defect (worksforme)

Tor dies on reload when switching to 'DisableNetwork 0' when using 'DnsPort 127.0.0.1:53'

Reported by: proper
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version: Tor: 0.2.5.12
Severity: Normal
Keywords:
Cc: proper
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Using Tor on Debian jessie. Version:

dpkg-query --show --showformat='${Version}' "tor"
0.2.5.12-1

For reproduction of this issue, you could run the following script as root.

#!/bin/bash

set -x

echo '
DnsPort 127.0.0.1:53
DisableNetwork 1
' > /etc/tor/torrc

service tor restart

sleep 2

echo '
DnsPort 127.0.0.1:53
DisableNetwork 0
' > /etc/tor/torrc

service tor reload

Log output:

May 22 22:06:59.000 [notice] Tor 0.2.5.12 (git-3731dd5c3071dcba) opening log file.
May 22 22:06:59.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
May 22 22:06:59.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
May 22 22:06:59.000 [notice] Bootstrapped 0%: Starting
May 22 22:06:59.000 [notice] Delaying directory fetches: DisableNetwork is set.
May 22 22:07:01.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
May 22 22:07:01.000 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
May 22 22:07:01.000 [notice] Read configuration file "/etc/tor/torrc".
May 22 22:07:01.000 [notice] Opening Socks listener on 127.0.0.1:9050
May 22 22:07:01.000 [notice] Opening DNS listener on 127.0.0.1:53
May 22 22:07:01.000 [warn] Could not bind to 127.0.0.1:53: Permission denied
May 22 22:07:01.000 [notice] Closing partially-constructed Socks listener on 127.0.0.1:9050
May 22 22:07:01.000 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
May 22 22:07:01.000 [err] Reading config failed--see warnings above. For usage, try -h.
May 22 22:07:01.000 [warn] Restart failed (config error?). Exiting.

If DnsPort 127.0.0.1:53 were commented out, this issue would not occur.

Child Tickets

Change History (12)

comment:1 Changed 4 years ago by arma

I unfortunately think this is correct behavior.

Tor, started as root, can bind to low-numbered ports before it drops privileges.

But after it drops them, it can't get them back. That's a feature.

See also #918 for the same situation.

comment:2 Changed 4 years ago by arma

Ah hm -- you are wanting Tor to bind to the low-numbered dnsport on startup even when you specify DisableNetwork (which ordinarily instructs Tor to close all its listeners but the control port).

So this sounds quite similar indeed to #918.

comment:3 in reply to: 2; Changed 4 years ago by proper

Replying to arma:

> Ah hm -- you are wanting Tor to bind to the low-numbered dnsport on startup even when you specify DisableNetwork

Yes. That's what I thought DisableNetwork 1 does.

The man page is indeed correct currently:

When this option is set, we don’t listen for or accept any connections other than controller connections, and we close (and don’t reattempt) any outbound connections. Controllers sometimes use this option to avoid using the network until Tor is fully configured.

The intuitively correct behavior that I would suggest is:

We close (and don’t reattempt) any outbound connections. Controllers sometimes use this option to avoid using the network until Tor is fully configured.

Not opening listen ports should be a different option, if that is needed at all.

My suggestion: when DisableNetwork 1 is set,

  • open all ports as usual,
  • prevent any outgoing connections and
  • when receiving requests on these ports, just reply "network down" or something like that.

What do you think?

comment:4 in reply to: 3; Changed 4 years ago by yawning

Replying to proper:

> The intuitively correct behavior that I would suggest is:
>
> We close (and don’t reattempt) any outbound connections. Controllers sometimes use this option to avoid using the network until Tor is fully configured.
>
> Not opening listen ports should be a different option, if that is needed at all.
>
> My suggestion: when DisableNetwork 1 is set,
>
>   • open all ports as usual,
>   • prevent any outgoing connections and
>   • when receiving requests on these ports, just reply "network down" or something like that.
>
> What do you think?

I'm not against having an option to get the behavior that you want, but the principle of least surprise would suggest that DisableNetwork should indeed disable networking, which includes not binding to ports (I would expect a not-otherwise firewalled tor instance running with DisableNetwork to respond to a SYN with an immediate RST).

comment:5 Changed 4 years ago by proper

Reported a related issue (#16175): when 'sudo service tor reload' fails, Tor exits '0', while it should exit non-zero.

comment:6 Changed 4 years ago by nickm

Milestone: Tor: 0.2.8.x-final

comment:7 Changed 4 years ago by nickm

Milestone: Tor: 0.2.8.x-final → Tor: 0.2.???

comment:8 Changed 4 years ago by arma

Severity: Normal
Summary: Tor dies on reload when swichting to 'DisableNetwork 0' when using 'DnsPort 127.0.0.1:53' → Tor dies on reload when switching to 'DisableNetwork 0' when using 'DnsPort 127.0.0.1:53'

I agree that DisableNetwork should not leave ports open.

I think #5220 is the only real answer we've got here. I wonder if we should merge this one and #918 and then somehow merge that with #5220.

comment:9 Changed 3 years ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:10 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.??? → Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:11 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:12 Changed 2 years ago by nickm

Resolution: worksforme
Status: new → closed

If you really need this to work, you do need to either keep the capability to bind to low ports, or you need to use port forwarding instead of binding to 53 directly.
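A pre-reload check that follows from this thread, as an added example (not from the ticket, its participants, or Tor itself): it lints a torrc for listener ports below 1024, which a Tor that has already dropped root cannot rebind after a HUP, and prints the remedy from the closing comment, a high port plus a local port forward. The +5000 port offset, the function names and the iptables REDIRECT form are assumptions of this example, not anything Tor documents.

```shell
#!/bin/sh
# Added example (not from the ticket or from Tor): lint a torrc for listener
# ports that a Tor which has already dropped root cannot rebind after a HUP,
# and print the remedy from the closing comment: a high port plus a local
# port forward. Nothing here modifies the firewall or the running Tor.

# Print "DIRECTIVE ADDR PORT" for each *Port directive bound to a privileged
# port. Handles "DnsPort 53", "DnsPort 127.0.0.1:53" and "TransPort [::1]:443".
# HiddenServicePort is skipped: its first argument is a virtual port, not a bind.
find_privileged_ports() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # blank lines and comments
        $1 ~ /Port$/ && $1 != "HiddenServicePort" {
            addr = $2
            n = split(addr, parts, ":")         # port is the last ":" field
            port = (n > 1) ? parts[n] : addr
            if (port ~ /^[0-9]+$/ && port + 0 > 0 && port + 0 < 1024)
                print $1, addr, port
        }
    ' "$1"
}

# For each finding, emit the rewritten directive and an iptables REDIRECT
# rule for local clients. The +5000 offset for the unprivileged port is an
# arbitrary convention of this example; DnsPort listens on UDP, the rest on TCP.
suggest_fix() {
    find_privileged_ports "$1" | while read -r directive addr port; do
        high=$((port + 5000))
        case "$directive" in
            DnsPort) proto=udp ;;
            *)       proto=tcp ;;
        esac
        newaddr=$(printf '%s' "$addr" | sed "s/:$port\$/:$high/; s/^$port\$/$high/")
        echo "$directive $addr -> $directive $newaddr"
        echo "  iptables -t nat -A OUTPUT -o lo -p $proto --dport $port -j REDIRECT --to-ports $high"
    done
}

# Usage: sh lint-torrc.sh /etc/tor/torrc
if [ "$#" -gt 0 ]; then
    suggest_fix "$1"
fi
```

Run it against the torrc before `service tor reload`; an empty result means no listener depends on a privilege the reloaded process no longer has.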
