Opened 7 days ago

Last modified 39 hours ago

#30518 needs_review defect

Android - Add missing command line options

Reported by: sysrqb Owned by: tbb-team
Priority: Very High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-8.5-must, tbb-mobile, TorBrowserTeam201905R
Cc: sisbell Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

After looking at #30284 and talking with sisbell, I noticed there are some more differences between how tor is launched on Linux and how it is launched on Android. Tor isn't given geoip DBs, but that's not a problem right now (we can add that later). More concerning is that on desktop we set IPv6Traffic PreferIPv6 and KeepAliveIsolateSOCKSAuth. The first two are a distinguisher at the exit node (in theory, there shouldn't be many ways an exit node can identify different Tor Browser platforms if the connection between the exit node and destination server uses TLS). We should set these tor config options for both consistency but also because not being consistent is bad for anonymity.

Where Tor Launcher sets the args. I currently see this on Linux when running Tor Browser:

/home/user/tor-browser_en-US/Browser/TorBrowser/Tor/tor
--defaults-torrc /home/user/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc-defaults
-f /home/user/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc
DataDirectory /home/user/tor-browser_en-US/Browser/TorBrowser/Data/Tor
GeoIPFile /home/user/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip
GeoIPv6File /home/user/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip6 HashedControlPassword 16:$hash 127.0.0.1:9150
IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth __OwningControllerProcess 666

Child Tickets

Change History (5)

comment:1 Changed 6 days ago by sisbell

IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth are socks port flags in the config file, so that's probably where we want to add them.

Android is using CookieAuthentication, we'd need another issue opened if we want to support HashedControlPassword.

GeoIpFile and GeoIPv6File are already supported in torrc config file. DataDirectory is not currently supported so would need to be added.

comment:2 Changed 6 days ago by sysrqb

Okay, I have a tor-browser-build branch (currently building) that patches TOPL such that IPv6Traffic PreferIPv6 and KeepAliveIsolateSOCKSAuth are always added when the SocksPort is defined in the torrc. This isn't a good patch, but given the current constraints I think this is sufficient. I tested this patch on Android 4.1, 4.4, 5.1, 6, and 8. They all accept these new SocksPort flags without any apparent issues.

I'll set this to needs-review after the branch finishes building and the tests still look good.

comment:3 Changed 5 days ago by sysrqb

Status: newneeds_review

Okay, branch bug30518 in my repo. I am a little scared of this, but I think it's good.

$ ~/.mozbuild/android-sdk-linux/platform-tools/adb shell cat /data/data/org.torproject.torbrowser_nightly/app_torservice/torrc
AutomapHostsOnResolve 1
ControlPortWriteToFile /data/data/org.torproject.torbrowser_nightly/app_torservice/lib/tor/control.txt
ControlPort auto
CookieAuthentication 1 
CookieAuthFile /data/data/org.torproject.torbrowser_nightly/app_torservice/lib/tor/control_auth_cookie
DisableNetwork 1
DNSPort 5400
HTTPTunnelPort 8218
ReducedConnectionPadding 1
RunAsDaemon 1
SafeSocks 0
SOCKSPort auto KeepAliveIsolateSOCKSAuth IPv6Traffic PreferIPv6
StrictNodes 0
TestSocks 0
TransPort 9140
UseBridges 0
VirtualAddrNetwork 10.192.0.0/10

As mentioned in #30284, we should cleanup other config options later, too.

comment:4 Changed 5 days ago by gk

Keywords: tbb-mobile TorBrowserTeam201905R added

Alright, what could go wrong: pushed to master (commit 619cf8e9c1826812936b491711f67107aaf24fe7) and maint-8.5 (commit a9fa9bf0e3bb67c235e677f02ac5f3a5b74dfb59).

Please create additional bugs for doing the remaining work here (I guess the patch should get as well into TOPL in the next iteration) and close the ticket.

comment:5 Changed 39 hours ago by sisbell

This issue also came up in the Orbot project in a commit that occurred after forking to tor-android-service

https://github.com/guardianproject/orbot/commit/12b91c44f3af675dd0db5a3bacbf232c0f8d61f4

Note: See TracTickets for help on using tickets.