Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#4881 closed defect (fixed)

Relative paths for auth cookie

Reported by: atagar Owned by:
Priority: High Milestone: Tor: 0.2.2.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: small-feature tor-relay
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The COOKIEFILE attribute of PROTOCOLINFO responses are relative when we don't have an absolute path for our data directory. This is the case with TBB which is very problematic for controllers (vidalia only works because it shares the same working directory).

Section 3.21 of the control-spec specifies that the COOKIEFILE attribute is an absolute path so this is definitely a bug.

This is being moved from...
https://trac.torproject.org/projects/tor/ticket/1101

Child Tickets

Change History (10)

comment:1 Changed 8 years ago by atagar

Oops, nick asked me to mention his branch 'absolute_cookie_file'...
https://gitweb.torproject.org/nickm/tor.git/shortlog/refs/heads/absolute_cookie_file

comment:2 Changed 8 years ago by nickm

Keywords: small-feature added
Milestone: Tor: 0.2.2.x-final
Status: newneeds_review

Yes, please review that branch. It's pretty simple. My only worry here is that if we have RunAsDaemon enabled, we might act wrongly because of the chdir(), but if so, that's a problem with other filenames too.

comment:3 Changed 8 years ago by atagar

Looks good to me. Minor thing but when you merge please let me know the version were this will first appear since I need to track that for...
https://trac.torproject.org/projects/tor/wiki/doc/stem#TorWorkaroundDeprecations

Thanks! -Damian

comment:4 Changed 8 years ago by nickm

(Damian has said he'll test it in the next day or two, so I'm holding off on the merge.)

comment:5 Changed 8 years ago by atagar

Yup, works - thanks for the fix!

atagar@morrigan:~$ cat .tor/torrc_relative 
SocksPort 0
ControlPort 9051
CookieAuthentication 1
DataDirectory ./tor_data

atagar@morrigan:~$ telnet localhost 9051
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
PROTOCOLINFO
250-PROTOCOLINFO 1
250-AUTH METHODS=COOKIE COOKIEFILE="/home/atagar/.tor/control_auth_cookie"
250-VERSION Tor="0.2.3.10-alpha-dev"
250 OK

514 Authentication required.
Connection closed by foreign host.

When I cd to tor's location and start via "./tor -f ~/.tor/torrc_relative" it had an extra period in the response, but that doesn't hurt anything...

250-AUTH METHODS=COOKIE COOKIEFILE="/home/atagar/Desktop/tor/tor/src/or/./tor_data/control_auth_cookie"

I reported this issue on 1101 because it's both triggered by the same use case (a relative data directory path) and the fix I thought we would go with are the same (making tor internally track the data directory as an absolute path).

We can certainly keep playing whack-a-mole with data directory path derived attributes, but wouldn't it be better to change this in 'options_get_datadir_fname2_suffix' in config.c or wherever we set options->DataDirectory?

comment:6 Changed 8 years ago by atagar

Oh, oops - confused torrcs. It always reports a period with relative paths and that first response should have been...

250-AUTH METHODS=COOKIE COOKIEFILE="/home/atagar/./tor_data/control_auth_cookie"

Still not a problem though.

comment:7 in reply to:  5 Changed 8 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Great; merging. The next release will be 0.2.3.11-alpha, so that should be the first one with this fix.

Replying to atagar:

I reported this issue on 1101 because it's both triggered by the same use case (a relative data directory path) and the fix I thought we would go with are the same (making tor internally track the data directory as an absolute path).

We can certainly keep playing whack-a-mole with data directory path derived attributes, but wouldn't it be better to change this in 'options_get_datadir_fname2_suffix' in config.c or wherever we set options->DataDirectory?

Maybe in 0.2.4.x; it seems like a good idea to me, but it would affect a lot of things throughout the code, and I hate making changes with pervasive effects this late in the release cycle. It's always the commits where I can't see how they would possibly break anything that wind up breaking something weirdly, badly. I'll open another ticket for that one.

comment:8 Changed 8 years ago by nickm

The "another ticket" is now #4885

comment:9 Changed 7 years ago by nickm

Keywords: tor-relay added

comment:10 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.