A freshly compiled tor does not honor MaxCircuitDirtiness
I am seeing strange behavior when compiling tor: it does not take into account the MaxCircuitDirtiness I have set in the configuration... nor the default value that is supposed to be 10 minutes.
In fact, it changes identity every 5 minutes!
I tried both the Ubuntu version (0.2.9.11) and the last official one from tor (0.3.1.18)
What is even stranger is that with the Ubuntu repo binary, it works fine.
Steps to reproduce:
- Start a Live Ubuntu 16.04.3 (x64 in my case) [so that the behavior is easy to reproduce]
- Execute this script (as root... no problem, we are in a Live session, all is gone in the end). It will install the packages necessary to compile (otherwise configure will complain about libevent-dev, then about libssl-dev), download the sources and compile both versions.
cd /tmp
# enable the source repository and install the build dependencies
echo 'deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates universe' >>'/etc/apt/sources.list'
apt-get update
apt-get install -y libevent-core-2.0-5 libevent-extra-2.0-5 libevent-openssl-2.0-5 libevent-pthreads-2.0-5 libevent-dev libssl-doc zlib1g-dev libssl-dev
# import the key used to verify the source package
gpg --keyserver keyserver.ubuntu.com --recv-keys 64792D67
gpg --no-default-keyring -a --export 64792D67 | gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg --import -
# build the Ubuntu source package
apt-get source tor
cd "tor-0.2.9.11"
./configure
make
# build the upstream release
cd /tmp
wget https://www.torproject.org/dist/tor-0.3.1.8.tar.gz
tar xvzf tor-0.3.1.8.tar.gz
cd "tor-0.3.1.8"
./configure
make
You will have some warnings like:
ar: `u' modifier ignored since `D' is the default (see `U')
I am assuming these warnings are benign, looking at the 'u' and 'D' options in the man page of ar. You will get both versions of tor compiled as documented by the README. Save them before rebooting.
Now whichever version you try, here is the output tracking the change of IP:
Set MaxCircuitDirtiness to 30 minutes for example with:
echo "MaxCircuitDirtiness 1800" | sudo tee -a /etc/tor/torrc
Then test the IP we have through tor:
$ while :; do line="$( date +%H:%M ) == $( curl -s http://whatismyip.akamai.com/ )"; echo "$line"; sleep 60; done
19:27 == 18.104.22.168
19:28 == 22.214.171.124
19:29 == 126.96.36.199
19:30 == 188.8.131.52
19:31 == 184.108.40.206
19:32 == 220.127.116.11
19:34 == 18.104.22.168
19:35 == 22.214.171.124
19:36 == 126.96.36.199
19:37 == 188.8.131.52
19:38 == 184.108.40.206
19:39 == 220.127.116.11
19:40 == 18.104.22.168
19:41 == 22.214.171.124
19:42 == 126.96.36.199
19:43 == 188.8.131.52
19:44 == 184.108.40.206
19:45 == 220.127.116.11
19:46 == 18.104.22.168
19:47 == 22.214.171.124
19:48 == 126.96.36.199
(This is done inside a VM with transparent proxying to Tor, see "middlebox").
We can see that it is changing IP exactly every 5 minutes.
When doing the same exit ip test with the stock binary version of Ubuntu that you get with:
sudo apt-get install tor
... all works well, it changes IP every 30 minutes as the configuration says.
Questions: So... is there a magic trick to compile so that MaxCircuitDirtiness is taken into account? If so, that would be a documentation enhancement request. I am thinking of something like a flag: compile for "debug"/compile for "production" (I didn't find that in the documentation!).
Should I ask instead on the Ubuntu Launchpad? (Apparently they are clever enough to have figured out a way to make it work!)
We can however notice a difference between the versions we compiled and the binary from Ubuntu repo: size! That is (I am guessing) because the tor we compiled has all the symbols. But if you do (which is undocumented!):
strip --strip-unneeded tor
you get about the same size as the stock binary. Anyway, I don't think having the symbols should change behavior (except in case you have very, very little RAM, which is not my case!).
MaxCircuitDirtiness is not such a big issue per se, but I am afraid that if we have this kind of "silent tricky bug" (nothing in the log of tor) when compiling ourselves, there might be other, more serious bugs that could compromise anonymity.
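An added example, not part of the original post: a way to turn the "HH:MM == IP" log produced by the polling loop above into measured hold times and compare them with the configured MaxCircuitDirtiness. The function names and the sample log are constructed for illustration; the one-minute slack is an assumption matching the 60-second polling interval.

```bash
#!/usr/bin/env bash
# Constructed sample log in the format printed by the polling loop.
# The "10:09 == " line mimics a failed curl fetch (no IP returned).
sample_log() {
    cat <<'EOF'
10:00 == 192.0.2.10
10:02 == 198.51.100.7
10:06 == 198.51.100.7
10:07 == 203.0.113.5
10:09 == 
10:11 == 203.0.113.5
10:12 == 192.0.2.44
EOF
}

# rotation_intervals: read the log on stdin, print "<minutes> <ip>" for every
# IP whose first and last sighting are both bounded by an observed change.
# The first and last runs are skipped because their true length is unknown.
rotation_intervals() {
    awk '
    function mins(t,   p) { split(t, p, ":"); return p[1] * 60 + p[2] }
    NF == 3 && $2 == "==" {          # ignore lines with no IP
        now = mins($1)
        if (ip != "" && $3 != ip) {
            if (bounded) {
                d = now - start
                if (d < 0) d += 1440 # log crossed midnight
                print d, ip
            }
            bounded = 1
            start = now
        }
        ip = $3
    }'
}

# shortest_hold: smallest measured hold time in minutes (empty if none).
shortest_hold() {
    rotation_intervals | sort -n | head -n 1 | cut -d' ' -f1
}

# honors_dirtiness SECONDS: succeed if no IP was replaced sooner than the
# configured MaxCircuitDirtiness, allowing one minute of polling error.
honors_dirtiness() {
    want_min=$(( $1 / 60 ))
    got=$(shortest_hold)
    [ -n "$got" ] && [ $(( got + 1 )) -ge "$want_min" ]
}

sample_log | rotation_intervals
```

Feed it a real capture with `honors_dirtiness 1800 < ip.log` (the file name is hypothetical); a non-zero exit status means at least one exit IP was replaced earlier than the configured value.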