Opened 2 months ago

Last modified 10 days ago

#30518 new defect

Android - Add missing command line options

Reported by: sysrqb Owned by: tbb-team
Priority: Very High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile, tbb-8.5, TorBrowserTeam201907
Cc: sisbell Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

After looking at #30284 and talking with sisbell, I noticed there are some more differences between how tor is launched on Linux and how it is launched on Android. Tor isn't given geoip DBs, but that's not a problem right now (we can add that later). More concerning is that on desktop we set IPv6Traffic PreferIPv6 and KeepAliveIsolateSOCKSAuth. The first two are a distinguisher at the exit node (in theory, there shouldn't be many ways an exit node can identify different Tor Browser platforms if the connection between the exit node and destination server uses TLS). We should set these tor config options for both consistency but also because not being consistent is bad for anonymity.

Where Tor Launcher sets the args. I currently see this on Linux when running Tor Browser:

/home/user/tor-browser_en-US/Browser/TorBrowser/Tor/tor
--defaults-torrc /home/user/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc-defaults
-f /home/user/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc
DataDirectory /home/user/tor-browser_en-US/Browser/TorBrowser/Data/Tor
GeoIPFile /home/user/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip
GeoIPv6File /home/user/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip6 HashedControlPassword 16:$hash 127.0.0.1:9150
IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth __OwningControllerProcess 666

Child Tickets

Change History (10)

comment:1 Changed 2 months ago by sisbell

IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth are socks port flags in the config file, so that's probably where we want to add them.

Android is using CookieAuthentication, we'd need another issue opened if we want to support HashedControlPassword.

GeoIpFile and GeoIPv6File are already supported in torrc config file. DataDirectory is not currently supported so would need to be added.

comment:2 Changed 2 months ago by sysrqb

Okay, I have a tor-browser-build branch (currently building) that patches TOPL such that IPv6Traffic PreferIPv6 and KeepAliveIsolateSOCKSAuth are always added when the SocksPort is defined in the torrc. This isn't a good patch, but given the current constraints I think this is sufficient. I tested this patch on Android 4.1, 4.4, 5.1, 6, and 8. They all accept these new SocksPort flags without any apparent issues.

I'll set this to needs-review after the branch finishes building and the tests still look good.

comment:3 Changed 2 months ago by sysrqb

Status: newneeds_review

Okay, branch bug30518 in my repo. I am a little scared of this, but I think it's good.

$ ~/.mozbuild/android-sdk-linux/platform-tools/adb shell cat /data/data/org.torproject.torbrowser_nightly/app_torservice/torrc
AutomapHostsOnResolve 1
ControlPortWriteToFile /data/data/org.torproject.torbrowser_nightly/app_torservice/lib/tor/control.txt
ControlPort auto
CookieAuthentication 1 
CookieAuthFile /data/data/org.torproject.torbrowser_nightly/app_torservice/lib/tor/control_auth_cookie
DisableNetwork 1
DNSPort 5400
HTTPTunnelPort 8218
ReducedConnectionPadding 1
RunAsDaemon 1
SafeSocks 0
SOCKSPort auto KeepAliveIsolateSOCKSAuth IPv6Traffic PreferIPv6
StrictNodes 0
TestSocks 0
TransPort 9140
UseBridges 0
VirtualAddrNetwork 10.192.0.0/10

As mentioned in #30284, we should cleanup other config options later, too.

comment:4 Changed 2 months ago by gk

Keywords: tbb-mobile TorBrowserTeam201905R added

Alright, what could go wrong: pushed to master (commit 619cf8e9c1826812936b491711f67107aaf24fe7) and maint-8.5 (commit a9fa9bf0e3bb67c235e677f02ac5f3a5b74dfb59).

Please create additional bugs for doing the remaining work here (I guess the patch should get as well into TOPL in the next iteration) and close the ticket.

comment:5 Changed 2 months ago by sisbell

This issue also came up in the Orbot project in a commit that occurred after forking to tor-android-service

https://github.com/guardianproject/orbot/commit/12b91c44f3af675dd0db5a3bacbf232c0f8d61f4

comment:6 Changed 8 weeks ago by sisbell

We should use the preferences that orbot is using to enable/disable IPv6Traffic so we maintain support for Orbot as well. I'll branch and add this to tor-android-service.

comment:7 in reply to:  6 Changed 7 weeks ago by gk

Keywords: TorBrowserTeam201905 added; TorBrowserTeam201905R removed
Status: needs_reviewnew

Replying to sisbell:

We should use the preferences that orbot is using to enable/disable IPv6Traffic so we maintain support for Orbot as well. I'll branch and add this to tor-android-service.

Setting to new meanwhile. Please, reset for review once the branch is done, thanks.

comment:8 Changed 5 weeks ago by gk

Keywords: tbb-8.5 added; tbb-8.5-must removed

8.5 is out toning down the keywords.

comment:9 Changed 5 weeks ago by gk

Keywords: TorBrowserTeam201906 added; TorBrowserTeam201905 removed

Moving tickets to June

comment:10 Changed 10 days ago by gk

Keywords: TorBrowserTeam201907 added; TorBrowserTeam201906 removed

Moving tickets to July

Note: See TracTickets for help on using tickets.