Implement new option SocksSocket

Hi,

I've implemented a new way for client applications to speak to Tor. I wanted to lock down applications like web browsers to ensure that they cannot even make AF_INET or AF_INET6 sockets. There is one problem: all those clients need AF_INET to talk to Tor! This patch fixes this issue - if a client is able to make an AF_UNIX socket and it talks to a Tor that supports AF_UNIX, it will be able to use SOCKS to connect to the internet.

I plan to write a patch to torsocks to implement this as a generic client. Later, I suspect we can add support to other applications very easily and then we can lock down those applications or even entire unix uids from being able to make AF_INET/AF_INET6 sockets.

This helps us with AppArmor-like issues - AppArmor doesn't have the ability to permit traffic to 127.0.0.1:9050 and to deny it for other addresses. With this implementation, we can simply deny all AF_INET and the application can still communicate with Tor as long as it has AF_UNIX permissions.

This also helps us with iptables issues - there are no generally open TCP/IP sockets for anyone who is able to connect to (for example) 127.0.0.1:9050 - we can control who can read and write to the SocksSocket with Unix uid/gid controls.

I've spent about two days testing these patches (on Tails 1.0.1), loading Tor with the following configuration file:

Socks5Proxy 127.0.0.1:9050
WarnUnsafeSocks 0
SocksPort 0
Log debug stderr
SocksSocket /tmp/testing/SocksSocket
SocksSocket /tmp/testing/SocksSocket1
SocksSocket /tmp/testing/SocksSocket2
SocksSocket /tmp/testing/SocksSocket3
AvoidDiskWrites 1

I've been running it in valgrind like so:

valgrind --log-file=/tmp/SocksSocket-valgrind-005-with-three-SocksSockets.log -v --leak-check=full --track-origins=yes ./src/or/tor -f torrc.test 

As I haven't yet implemented the torsocks client side of this, I've been using socat like so:

socat -v UNIX-CONNECT:/tmp/testing/SocksSocket TCP-LISTEN:6667,fork,RETRY,reuseaddr,end-close;

Finally, I use curl like so to fetch a web page through this totally convoluted mess of AF_*:

curl --socks5-hostname 127.0.0.1:6667 https://check.torproject.org;

Valgrind reports the following:

==15187== Memcheck, a memory error detector
==15187== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==15187== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==15187== Command: ./src/or/tor -f torrc.test
==15187== Parent PID: 29356
==15187== 
--15187-- 
--15187-- Valgrind options:
--15187--    --suppressions=/usr/lib/valgrind/debian-libc6-dbg.supp
--15187--    --log-file=/tmp/SocksSocket-valgrind-005-with-three-SocksSockets.log
--15187--    -v
--15187--    --leak-check=full
--15187--    --track-origins=yes
--15187-- Contents of /proc/version:
--15187--   Linux version 3.14-1-amd64 (debian-kernel@lists.debian.org) (gcc version 4.8.3 (Debian 4.8.3-2) ) #1 SMP Debian 3.14.5-1 (2014-06-05)
--15187-- Arch and hwcaps: X86, x86-sse1-sse2
--15187-- Page sizes: currently 4096, max supported 4096
--15187-- Valgrind library directory: /usr/lib/valgrind
--15187-- Reading syms from /home/amnesia/Persistent/src/tor/src/or/tor (0x108000)
--15187-- Reading syms from /lib/ld-2.11.3.so (0x4400000)
--15187--   Considering /lib/ld-2.11.3.so ..
--15187--   .. CRC mismatch (computed 19231304 wanted 2b6c260a)
--15187--   Considering /usr/lib/debug/lib/ld-2.11.3.so ..
--15187--   .. CRC is valid
--15187-- Reading syms from /usr/lib/valgrind/memcheck-x86-linux (0x38000000)
--15187--    object doesn't have a dynamic symbol table
--15187-- Reading suppressions file: /usr/lib/valgrind/debian-libc6-dbg.supp
--15187-- Reading suppressions file: /usr/lib/valgrind/default.supp
--15187-- REDIR: 0x4416490 (index) redirected to 0x3803eda3 (vgPlain_x86_linux_REDIR_FOR_index)
--15187-- Reading syms from /usr/lib/valgrind/vgpreload_core-x86-linux.so (0xabcb000)
--15187-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so (0xabd1000)
==15187== WARNING: new redirection conflicts with existing -- ignoring it
--15187--     new: 0x04416490 (index               ) R-> 0x0abd4cb0 index
--15187-- REDIR: 0x4416670 (strlen) redirected to 0xabd50f0 (strlen)
--15187-- Reading syms from /usr/lib/libz.so.1.2.3.4 (0xccc3000)
--15187--   Considering /usr/lib/libz.so.1.2.3.4 ..
--15187--   .. CRC mismatch (computed 7be92cfa wanted 329326cb)
--15187--    object doesn't have a symbol table
--15187-- Reading syms from /lib/libm-2.11.3.so (0xccdf000)
--15187--   Considering /lib/libm-2.11.3.so ..
--15187--   .. CRC mismatch (computed 0116a1b2 wanted cca4fc2f)
--15187--   Considering /usr/lib/debug/lib/libm-2.11.3.so ..
--15187--   .. CRC is valid
--15187-- Reading syms from /usr/lib/libevent-1.4.so.2.1.3 (0xcd09000)
--15187--    object doesn't have a symbol table
--15187-- Reading syms from /usr/lib/i686/cmov/libssl.so.0.9.8 (0xcd20000)
--15187--   Considering /usr/lib/i686/cmov/libssl.so.0.9.8 ..
--15187--   .. CRC mismatch (computed 7cd446f3 wanted 6aaecd6b)
--15187--    object doesn't have a symbol table
--15187-- Reading syms from /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xcd70000)
--15187--   Considering /usr/lib/i686/cmov/libcrypto.so.0.9.8 ..
--15187--   .. CRC mismatch (computed a803f391 wanted 934b1db6)
--15187--    object doesn't have a symbol table
--15187-- Reading syms from /lib/librt-2.11.3.so (0xcecd000)
--15187--   Considering /lib/librt-2.11.3.so ..
--15187--   .. CRC mismatch (computed 11db8d18 wanted 4837ea6c)
--15187--   Considering /usr/lib/debug/lib/librt-2.11.3.so ..
--15187--   .. CRC is valid
--15187-- Reading syms from /lib/libdl-2.11.3.so (0xceda000)
--15187--   Considering /lib/libdl-2.11.3.so ..
--15187--   .. CRC mismatch (computed 3740dd8b wanted 09c06eb3)
--15187--   Considering /usr/lib/debug/lib/libdl-2.11.3.so ..
--15187--   .. CRC is valid
--15187-- Reading syms from /lib/libc-2.11.3.so (0xcede000)
--15187--   Considering /lib/libc-2.11.3.so ..
--15187--   .. CRC mismatch (computed 4ef5e22d wanted 481f3942)
--15187--   Considering /usr/lib/debug/lib/libc-2.11.3.so ..
--15187--   .. CRC is valid
--15187-- Reading syms from /lib/libpthread-2.11.3.so (0xd027000)
--15187--   Considering /lib/libpthread-2.11.3.so ..
--15187--   .. CRC mismatch (computed d08a9725 wanted 0065618d)
--15187--   Considering /usr/lib/debug/lib/libpthread-2.11.3.so ..
--15187--   .. CRC is valid
--15187-- Reading syms from /lib/libnsl-2.11.3.so (0xd040000)
--15187--   Considering /lib/libnsl-2.11.3.so ..
--15187--   .. CRC mismatch (computed 65a29afd wanted f8853f76)
--15187--   Considering /usr/lib/debug/lib/libnsl-2.11.3.so ..
--15187--   .. CRC is valid
--15187-- Reading syms from /lib/libresolv-2.11.3.so (0xd05b000)
--15187--   Considering /lib/libresolv-2.11.3.so ..
--15187--   .. CRC mismatch (computed 66a703f9 wanted 6378a0ac)
--15187--   Considering /usr/lib/debug/lib/libresolv-2.11.3.so ..
--15187--   .. CRC is valid
--15187-- REDIR: 0xcf50950 (index) redirected to 0xabd4c20 (index)
--15187-- REDIR: 0xcf52750 (memchr) redirected to 0xabd5830 (memchr)
--15187-- REDIR: 0xcf513f0 (rindex) redirected to 0xabd4b60 (rindex)
--15187-- REDIR: 0xcf51040 (strlen) redirected to 0xabd50b0 (strlen)
--15187-- REDIR: 0xcf4d7c0 (malloc) redirected to 0xabd3ecb (malloc)
--15187-- REDIR: 0xcf52ed0 (memcpy) redirected to 0xabd5870 (memcpy)
--15187-- REDIR: 0xcf55830 (strchrnul) redirected to 0xabd6590 (strchrnul)
--15187-- REDIR: 0xcf4d6e0 (free) redirected to 0xabd3ae5 (free)
--15187-- REDIR: 0xcf52a20 (mempcpy) redirected to 0xabd6600 (mempcpy)
--15187-- REDIR: 0xcf4ced0 (calloc) redirected to 0xabd31af (calloc)
--15187-- Reading syms from /lib/libgcc_s.so.1 (0xd483000)
--15187--   Considering /lib/libgcc_s.so.1 ..
--15187--   .. CRC mismatch (computed 5efc9915 wanted ece5a7a0)
--15187--    object doesn't have a symbol table
--15187-- REDIR: 0xcf4e760 (realloc) redirected to 0xabd3f7a (realloc)
--15187-- REDIR: 0xcf51230 (strncmp) redirected to 0xabd55d0 (strncmp)
--15187-- REDIR: 0xcf52bd0 (stpcpy) redirected to 0xabd6120 (stpcpy)
--15187-- REDIR: 0xcf51310 (strncpy) redirected to 0xabd52f0 (strncpy)
--15187-- REDIR: 0xcf50ac0 (strcmp) redirected to 0xabd56b0 (strcmp)
--15187-- REDIR: 0xcf529c0 (memset) redirected to 0xabd64a0 (memset)
--15187-- REDIR: 0xcf50b40 (strcpy) redirected to 0xabd5130 (strcpy)
--15187-- REDIR: 0xcf55760 (rawmemchr) redirected to 0xabd65c0 (rawmemchr)
--15187-- REDIR: 0xcf52910 (memmove) redirected to 0xabd6510 (memmove)
--15187-- REDIR: 0xcfbc620 (__memcpy_chk) redirected to 0xabd69b0 (__memcpy_chk)
==15187== Conditional jump or move depends on uninitialised value(s)
==15187==    at 0x1E8C04: connection_ap_expire_beginning (connection_edge.c:600)
==15187==    by 0x13669D: second_elapsed_callback (main.c:1501)
==15187==    by 0x25E572: periodic_timer_cb (compat_libevent.c:538)
==15187==    by 0xCD0EEE3: event_base_loop (in /usr/lib/libevent-1.4.so.2.1.3)
==15187==    by 0x1318E0: do_main_loop (main.c:2028)
==15187==    by 0x133BDC: tor_main (main.c:2998)
==15187==    by 0x12F7D2: main (tor_main.c:30)
==15187==  Uninitialised value was created by a stack allocation
==15187==    at 0x1DE763: connection_handle_listener_read (connection.c:1454)
==15187== 
--15187-- Discarding syms at 0xd485350-0xd49d738 in /lib/libgcc_s.so.1 due to munmap()
==15187== 
==15187== HEAP SUMMARY:
==15187==     in use at exit: 3,565 bytes in 29 blocks
==15187==   total heap usage: 353,781 allocs, 353,752 frees, 85,358,749 bytes allocated
==15187== 
==15187== Searching for pointers to 29 not-freed blocks
==15187== Checked 276,744 bytes
==15187== 
==15187== LEAK SUMMARY:
==15187==    definitely lost: 0 bytes in 0 blocks
==15187==    indirectly lost: 0 bytes in 0 blocks
==15187==      possibly lost: 0 bytes in 0 blocks
==15187==    still reachable: 3,565 bytes in 29 blocks
==15187==         suppressed: 0 bytes in 0 blocks
==15187== Reachable blocks (those to which a pointer was found) are not shown.
==15187== To see them, rerun with: --leak-check=full --show-reachable=yes
==15187== 
==15187== ERROR SUMMARY: 660 errors from 1 contexts (suppressed: 37 from 12)
==15187== 
==15187== 660 errors in context 1 of 1:
==15187== Conditional jump or move depends on uninitialised value(s)
==15187==    at 0x1E8C04: connection_ap_expire_beginning (connection_edge.c:600)
==15187==    by 0x13669D: second_elapsed_callback (main.c:1501)
==15187==    by 0x25E572: periodic_timer_cb (compat_libevent.c:538)
==15187==    by 0xCD0EEE3: event_base_loop (in /usr/lib/libevent-1.4.so.2.1.3)
==15187==    by 0x1318E0: do_main_loop (main.c:2028)
==15187==    by 0x133BDC: tor_main (main.c:2998)
==15187==    by 0x12F7D2: main (tor_main.c:30)
==15187==  Uninitialised value was created by a stack allocation
==15187==    at 0x1DE763: connection_handle_listener_read (connection.c:1454)
==15187== 
--15187-- 
--15187-- used_suppression:     37 dl-hack3-cond-1
==15187== 
==15187== ERROR SUMMARY: 660 errors from 1 contexts (suppressed: 37 from 12)

I think that other than that single conditional jump in connection_ap_expire_beginning, there aren't any serious valgrind issues that are related to my patch. Though I admit, I'm not entirely sure of why that valgrind issue is showing up and I'm starting to dig into it now.

I've based my patch on 48d7fceee5e6041ccdd4316f51de0d6b5e1818ed; I'm happy to rebase it if that is useful.

Feedback is appreciated!
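As an added example (not the author's patch, not torsocks, and not Tor's code), here is the exchange the issue describes with both sides in one runnable file: a client that performs a SOCKS5 CONNECT over an AF_UNIX socket, sending the destination as a hostname the way curl --socks5-hostname does, and a stand-in for the SocksSocket listener that records what was requested and answers as if connected. It assumes SocksSocket carries the same RFC 1928 SOCKS5 byte format as SocksPort, which the socat bridge above relies on too; the socket path, the server's SO_PEERCRED lookup, the 0600 permission on the socket file and the returned banner are constructed for the demo.

```python
"""SOCKS5 CONNECT over an AF_UNIX socket, both sides, runnable offline.
Assumption (not Tor's code): SocksSocket speaks the same RFC 1928 framing as SocksPort."""
import os
import socket
import struct
import tempfile
import threading

SOCKS5, CMD_CONNECT = 0x05, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCESS, REP_CMD_UNSUPPORTED, REP_ATYP_UNSUPPORTED = 0x00, 0x07, 0x08


def _recv_exact(sock, n):
    """Read exactly n bytes; a short read means the peer closed mid-message."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return buf


def socks5_connect_over_unix(path, host, port):
    """Client: the only socket created is AF_UNIX, so denying AF_INET/AF_INET6 to
    this process does not break it. The target goes as a hostname (ATYP 0x03, what
    curl's --socks5-hostname does) so the proxy resolves it and no DNS leaks locally."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5")
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.connect(path)
        s.sendall(bytes([SOCKS5, 0x01, 0x00]))  # greeting: one method offered, no-auth
        ver, method = _recv_exact(s, 2)
        if ver != SOCKS5 or method != 0x00:
            raise ConnectionError("proxy rejected the no-auth method")
        s.sendall(bytes([SOCKS5, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
                  + name + struct.pack("!H", port))
        ver, rep, _rsv, atyp = _recv_exact(s, 4)
        # Always drain BND.ADDR/BND.PORT so the stream is aligned for the caller.
        if atyp == ATYP_IPV4:
            _recv_exact(s, 4 + 2)
        elif atyp == ATYP_DOMAIN:
            _recv_exact(s, _recv_exact(s, 1)[0] + 2)
        elif atyp == ATYP_IPV6:
            _recv_exact(s, 16 + 2)
        else:
            raise ConnectionError("malformed reply ATYP 0x%02x" % atyp)
        if ver != SOCKS5 or rep != REP_SUCCESS:
            raise ConnectionError("CONNECT refused, REP=0x%02x" % rep)
    except Exception:
        s.close()
        raise
    return s


def fake_socks_socket_server(path, seen, ready):
    """Stand-in for the SocksSocket listener: serve one client, record peer uid (Linux
    SO_PEERCRED) and requested destination, reply success, send a constructed banner."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o600)  # file permissions are the access control here, not iptables
    srv.listen(1)
    ready.set()
    conn, _ = srv.accept()
    with srv, conn:
        if hasattr(socket, "SO_PEERCRED"):
            cred = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, 12)
            seen["peer_uid"] = struct.unpack("3i", cred)[1]
        ver, nmethods = _recv_exact(conn, 2)
        if ver != SOCKS5 or 0x00 not in _recv_exact(conn, nmethods):
            conn.sendall(bytes([SOCKS5, 0xFF]))  # no acceptable method
            return
        conn.sendall(bytes([SOCKS5, 0x00]))
        ver, cmd, _rsv, atyp = _recv_exact(conn, 4)
        if ver != SOCKS5 or cmd != CMD_CONNECT or atyp != ATYP_DOMAIN:
            rep = REP_CMD_UNSUPPORTED if cmd != CMD_CONNECT else REP_ATYP_UNSUPPORTED
            conn.sendall(bytes([SOCKS5, rep, 0x00, ATYP_IPV4]) + b"\0" * 6)
            return
        host = _recv_exact(conn, _recv_exact(conn, 1)[0]).decode("idna")
        (port,) = struct.unpack("!H", _recv_exact(conn, 2))
        seen["dest"] = (host, port)
        conn.sendall(bytes([SOCKS5, REP_SUCCESS, 0x00, ATYP_IPV4]) + b"\0" * 6)
        conn.sendall(("connected to %s:%d\n" % (host, port)).encode())  # constructed


def run_exchange(host="check.torproject.org", port=443):
    """Drive one client/server round trip in-process; returns (seen, payload)."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "SocksSocket")
    seen, ready = {}, threading.Event()
    t = threading.Thread(target=fake_socks_socket_server, args=(path, seen, ready), daemon=True)
    t.start()
    ready.wait(5)
    try:
        with socks5_connect_over_unix(path, host, port) as s:
            payload = b"".join(iter(lambda: s.recv(4096), b""))
        t.join(5)
    finally:
        os.unlink(path)
        os.rmdir(tmpdir)
    return seen, payload
```

Calling run_exchange() runs the whole handshake over the Unix socket and returns what the listener saw plus the banner the client read back; against a real SocksSocket the client function is the only part needed, and a profile or seccomp policy that denies socket(AF_INET, ...) and socket(AF_INET6, ...) to the process leaves it working, which is the property the issue is after.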
