The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2022-02-07T19:38:32Z

https://gitlab.torproject.org/tpo/core/tor/-/issues/29134
Document the max number of v3 client auths I can make
2022-02-07T19:38:32Z
pastly

I'm testing out v3 onion service client auth. I couldn't find a documented maximum number of clients I can authorize for a single onion service, so I tried a really big number (400).
Full log here: https://paste.debian.net/1061430/ and first bit here:
```
matt@spacecow:~/src/tor$ ./src/app/tor -f torrc-server
Jan 19 13:34:11.635 [notice] Tor 0.3.5.7 (git-9beb085c10562a25) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0j, Zlib 1.2.8, Liblzma N/A, and Libzstd N/A.
Jan 19 13:34:11.635 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 19 13:34:11.635 [notice] Read configuration file "/home/matt/src/tor/torrc-server".
Jan 19 13:34:11.640 [warn] Path for DataDirectory (data-server) is relative and will resolve to /home/matt/src/tor/data-server. Is this what you wanted?
Jan 19 13:34:11.640 [warn] Path for PidFile (data-server/tor.pid) is relative and will resolve to /home/matt/src/tor/data-server/tor.pid. Is this what you wanted?
Jan 19 13:34:11.640 [warn] Path for HiddenServiceDir (data-server/onion_service) is relative and will resolve to /home/matt/src/tor/data-server/onion_service. Is this what you wanted?
Jan 19 13:34:11.641 [warn] Your log may contain sensitive information - you disabled SafeLogging. Don't log unless it serves an important reason. Overwrite the log afterwards.
Jan 19 13:34:11.666 [notice] Bootstrapped 0%: Starting
Jan 19 13:34:11.948 [notice] Starting with guard context "default"
Jan 19 13:34:12.666 [notice] Bootstrapped 10%: Finishing handshake with directory server
Jan 19 13:34:12.666 [notice] Bootstrapped 80%: Connecting to the Tor network
Jan 19 13:34:12.722 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jan 19 13:34:13.048 [notice] Bootstrapped 100%: Done
Jan 19 13:34:14.676 [warn] We just made an HS descriptor that's too big (54736).Failing.
Jan 19 13:34:14.676 [warn] tor_bug_occurred_(): Bug: src/feature/hs/hs_service.c:2828: upload_descriptor_to_hsdir: Non-fatal assertion !(service_encode_descriptor(service, desc, &desc->signing_kp, &encoded_desc) < 0) failed. (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: Non-fatal assertion !(service_encode_descriptor(service, desc, &desc->signing_kp, &encoded_desc) < 0) failed in upload_descriptor_to_hsdir at src/feature/hs/hs_service.c:2828. Stack trace: (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(log_backtrace_impl+0x47) [0x564e05c29297] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(tor_bug_occurred_+0xc0) [0x564e05c24930] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(hs_service_run_scheduled_events+0x1d6a) [0x564e05b4c5ca] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(+0x65e71) [0x564e05aa7e71] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(+0x697e1) [0x564e05aab7e1] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5(event_base_loop+0x6a0) [0x7f19b89755a0] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(do_main_loop+0x9d) [0x564e05aab21d] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(tor_run_main+0x1215) [0x564e05a990a5] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(tor_main+0x3a) [0x564e05a962ca] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(main+0x19) [0x564e05a95e49] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f19b7ac12e1] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(_start+0x2a) [0x564e05a95e9a] (on Tor 0.3.5.7 9beb085c10562a25)
```
I didn't expect to be allowed an unlimited number of client authorizations, but I do expect Tor to handle too many more gracefully.
```
matt@spacecow:~/src/tor$ cat torrc-server
DataDirectory data-server
Log notice file data-server/notice.log
Log notice stdout
PidFile data-server/tor.pid
SocksPort 0
SafeLogging 0
LogTimeGranularity 1
HiddenServiceDir data-server/onion_service
HiddenServicePort 80 11223
```
```
matt@spacecow:~/src/tor$ cat torrc-client
DataDirectory data-client
Log notice file data-client/notice.log
Log notice stdout
PidFile data-client/tor.pid
SocksPort auto
SafeLogging 0
LogTimeGranularity 1
ClientOnionAuthDir data-client/v3onionauth
```
I wrote a script to generate a ton of .auth and .auth_private files.
1. Start the server's tor with DisableNetwork set, wait for it to bootstrap, then stop it. Grab the hostname of the onion service
2. Use this script (https://paste.debian.net/1061432/) to generate a bunch of .auth and .auth_private files. For example:
```
matt@spacecow:~/src/python-snippits/src ./x25519-gen.py \
> ck7vkjy5dfk4dh564wnhqrdhmeh4qrnnkmo5tdwu4n7wickkhbzrb7yd \
> 400 \
> ~/src/tor/data-server/onion_service/authorized_clients/ \
> ~/src/tor/data-client/v3onionauth/
```
3. Then remove DisableNetwork and start the server. It produces the above buggy logs

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40579
Check for `file` command in Tor Browser start script before using it
2022-07-13T23:34:14Z
Georg Koppen

In `start-tor-browser` we do
```
SYSARCHITECTURE=$(getconf LONG_BIT)
TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
complain "Wrong architecture? 32-bit vs. 64-bit."
exit 1
fi
```
to bail out early in case users have downloaded a bundle for the wrong architecture. Now, it turns out that there are Linux distros out there (NixOS seems to be one of those) that don't find `file` that way. A fix for that would be to check for the existence of `file` and if we can't find it to note that we assume the user knows what they are doing and proceed anyway.

https://gitlab.torproject.org/tpo/core/torspec/-/issues/15
CIRC_BW is only for origin circuits
2022-02-21T19:13:04Z
teor

The CIRC_BW event is only sent for origin circuits:
https://github.com/torproject/torspec/blob/master/control-spec.txt#L2990
We should update the control spec:
https://lists.torproject.org/pipermail/tor-relays/2018-December/016696.html

https://gitlab.torproject.org/tpo/network-health/metrics/relay-search/-/issues/28681
reflected XSS metrics.torproject.org
2021-06-30T15:32:58Z
Trac

Hello! I have found a reflected XSS vulnerability on a subdomain of torproject.
You should fix it :) Screenshot with easy exploit is attached to ticket.
If it is possible, I will be proud to get one more sticker pack ^^ .
```
https://metrics.torproject.org/rs.html#search/1337%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E
```
the vector is:
**"><img src=x onerror=alert(1)>**
P0W3RING D1G1T4L R3S1S74NC3!
**Trac**:
**Username**: 0x539h

https://gitlab.torproject.org/tpo/core/tor/-/issues/28597
Document SOCKSPolicy better
2022-02-07T19:38:32Z
teor

We can improve the documentation for SOCKSPolicy:
* the default policy is accept all
* mention SOCKSPolicy in SOCKSPort and DNSPort

https://gitlab.torproject.org/tpo/core/chutney/-/issues/28228
In Chutney's debug mode, dump all tor warning logs to stderr as soon as they appear
2022-02-07T19:30:46Z
teor

Currently we wait until the end, which isn't ideal.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/28201
about:support help link directs to Firefox's support rather than Tor Browser's
2023-01-05T16:35:22Z
traumschule

tested in 11.5a13 still going to the Firefox domain (but the in-page branding is correct now)

https://gitlab.torproject.org/tpo/core/tor/-/issues/28097
Get the actual Windows version from Kernel32.dll
2022-02-07T19:39:00Z
teor

Windows 8.1 and later pretend to be Windows 8 (legacy/trac#28096).
If we want to display the real Windows version, we can use GetFileVersionInfo() to check the version of Kernel32.dll:
https://docs.microsoft.com/en-au/windows/desktop/SysInfo/getting-the-system-version

https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/53
GetTor IPFS Provider
2022-10-05T13:39:21Z
Trac

I think IPFS could be a good provider by having support for downloading from multiple sources and while the clients don't work through Tor, there are many public gateways.
When attempting to find a list of public gateways, I found https://github.com/ipfs/public-gateway-checker/blob/master/gateways.json .
I am not sure how the procedure could be automated, but manually it would work by installing ipfs, creating a folder for requested content, "ipfs add -r directory/" and going to https://example.com/ipfs/HASH (which was given by the previous command) to download it. Alternatively for single file "ipfs add -w file" so a directory is created for it preserving the filename instead of changing it to the hash when downloading.
Volunteers could also host the content by using "ipfs pin add HASH" possibly reducing server load.
**Trac**:
**Username**: Mkaysi

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40578
Add README to Tor Browser
2023-01-05T14:22:24Z
traumschule

I am struck that there is none.
```
tor-browser8.5a1$ find |grep -i readme
./Browser/TorBrowser/Docs/Obfsproxy/README
./Browser/TorBrowser/Docs/fteproxy/README.md
./Browser/TorBrowser/Docs/meek/README
./Browser/TorBrowser/Docs/libfte/README.md
./Browser/TorBrowser/Docs/snowflake/README.md
```

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27483
Onboarding: dialog closure is effectively treated as "read", causing screen advancement
2023-01-05T17:28:35Z
dmr

For the first few screens in Onboarding:
Clicking anything outside the box in Onboarding closes the box //AND appears to mark the current screen as "read"//, thus changing the Onboarding experience to pop up the next screen when someone opens it again. //This could be bad if the user doesn't actually read the screen before that, and doesn't recognize the Onboarding flow and go back to that screen.//
This seems to stop at "Circuit Display", probably because the "(not really) Next" button there does something other than advance the Onboarding screen.
Or maybe, alternatively, the first few screens are just auto-marked as "read". If that's the case, consider changing that to happen on button click / navigation.
(Encountered in TB 8.0)

https://gitlab.torproject.org/tpo/core/tor/-/issues/27317
document that setting RelayBandwidthRate changes RelayBandwidthBurst
2022-09-28T22:11:28Z
Trac

RelayBandwidthBurst (default: 0 according to the manpage)
I only realized it after connecting to the relay via Nyx. Nyx showed that
RelayBandwidthBurst is at the same value as RelayBandwidthRate,
even though RelayBandwidthBurst does not appear in the torrc file
**Trac**:
**Username**: a_p

https://gitlab.torproject.org/tpo/core/tor/-/issues/27299
hsv3: Clarify timing sources around hsv3 code
2022-02-07T19:38:03Z
George Kadianakis

A big source of bugs and confusions (e.g. legacy/trac#26980, legacy/trac#26930) in the HSv3 code stems from the fact that it uses various timing sources to compute time periods, SRV, etc. Some parts of the code use `time(NULL)`, others use the current consensus valid-after, and others use the voting-schedule.
The code is currently not clear in which timing source is used in each case. As an example, some functions take as input `now` but they only use it to get a live consensus to use its valid-after, but that may confuse a reader that the `now` is used as the time source (e.g. `should_rotate_descriptors()` that caused the legacy/trac#26930 confusion).
We should try to clarify and improve the function signatures around the HSv3 codebase in this regard.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40541
`about:buildconfig` is missing configure options
2023-01-05T14:22:16Z
Georg Koppen

For some reason we are missing some configure options in `about:buildconfig` when building Tor Browser. On Windows e.g. --disable-stylo and --disable-jemalloc. This got reported on the blog (https://blog.torproject.org/comment/276031#comment-276031)

https://gitlab.torproject.org/tpo/core/tor/-/issues/26908
make it more clear that torrc files should not contain any bridges in their MyFamily lines
2022-10-18T16:54:44Z
nusenu

We improved this part of the documentation in the past but it is still not clear enough:
https://lists.torproject.org/pipermail/tor-relays/2018-July/015735.html
let's add:
"Do NOT add MyFamily lines to your bridge configuration files."
to the torrc and MyFamily section of the man page.

https://gitlab.torproject.org/tpo/core/torspec/-/issues/163
We should make HSv3 desc upload less frequent
2022-10-17T19:28:01Z
George Kadianakis

Without checking the source code right now, HSDirs are supposed to cache HS descriptors for the inscribed lifetime (3 hours), and HSv3s are supposed to upload descriptors at a random time between 1 and 2 hours (see `HS_SERVICE_NEXT_UPLOAD_TIME_MIN`).
This makes HSv3s upload descriptors more frequently than needed. For example, we could increase this to upload descriptors between 2 and 2.9 hours, to make HSv3s less intense on the network.
Someone should double check the above logic and make sure it won't cause issues, and implement it.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26607
subpixels: scroll properties leak entropy
2023-11-04T00:26:47Z
Mark Smith

As of Firefox 55, the `window.pageYOffset`, `pageXOffset`, `scrollX`, and `scrollY` properties now return data with subpixel accuracy. We think this means "half pixels on a macOS Retina or other high resolution display." We should determine if this adds any fingerprinting risks (and whether the values returned are already rounded when `privacy.resistFingerprinting` is set to `true`). See:
https://bugzilla.mozilla.org/show_bug.cgi?id=1151421

https://gitlab.torproject.org/tpo/core/torspec/-/issues/22
Replace ArgumentCharValue with ValueChar in dir-spec and bandwidth-file-spec
2022-02-21T19:13:04Z
teor

Having ArgumentChar and ArgumentCharValue is confusing, see:
https://trac.torproject.org/projects/tor/ticket/26541#comment:15

https://gitlab.torproject.org/tpo/web/community/-/issues/164
I think that is a part of the relay guide that we can improve (teor)
2022-01-20T19:11:28Z
cypherpunks

https://lists.torproject.org/pipermail/tor-relays/2018-June/015527.html
```
I think that is a part of the relay guide that we can improve:
Relays exist so that clients can use the network.
Consensus flags exist so that clients can use the network efficiently.
Bandwidth weights are assigned so that clients can use the network efficiently.
```

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26557
Regression in keyboard fingerprinting
2022-11-30T16:51:48Z
Trac

I just compared fingerprinting protection between 8.0a8 and 8.0a9. There appears to be a regression when it comes to key combination with AltGraph.
My system:
OS: Whonix 14 (Debian stretch) on Qubes OS 4.0
Keyboard layout: Neo (https://neo-layout.org/index_en.html)
For testing I used https://arthuredelstein.github.io/tordemos/keyboard.html.
There are several keys that have regressed:
== Numbers
When typing the number 0 using the key pad on layer 4 ('<' + space) I observe these differences:
8.0a8: code: Digit0, modifierState: empty
8.0a9: code: Space, modifierState: AltGraph
Similarly, other numbers, when typing using the number pad on layer 4, show the actual key that was pressed (KeyM, KeyJ, KeyU, …) instead of DigitX.
== Navigation Keys
Arrow up:
8.0a8: code: ArrowUp, modifierState: empty
8.0a9: code: ArrowUp, modifierState: AltGraph
The modifier leaks with many of the keys on layer 4. Including, all arrow keys, escape, home, end, delete, back and comma. Interestingly, period and colon don't leak the modifier.
I also noticed that colon is recognized as semicolon (on all layers) but that's also the case in older Tor Browser versions.
**Trac**:
**Username**: pege