Draft: Bug 10439&42714: Allow the tor daemon to choose a port for TCP and optionally use it for Android

Merge Info

Related Issues

• tor-launcher#10439 (moved) (#40930)
• #42714
• mullvad-browser#xxxxx
• tor-browser-build#xxxxx

Backporting

Timeline

• Immediate: patchset needed as soon as possible
• Next Minor Stable Release: patchset that needs to be verified in nightly before backport
• Eventually: patchset that needs to be verified in alpha before backport
• No Backport (preferred): patchset for the next major stable

(Optional) Justification

• Emergency security update: patchset fixes CVEs, 0-days, etc
• Censorship event: patchset enables censorship circumvention
• Critical bug-fix: patchset fixes a bug in core-functionality
• Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
• Sponsor required: patchset required for sponsor
• Localization: typos and other localization changes that should be also in the release branch
• Other: please explain

Merging

• Merge to tor-browser - !fixups to tor-browser-specific commits, new features, security backports
• Merge to base-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
  • NOTE: if your changeset includes patches to both base-browser and tor-browser please clearly label in the change description which commits should be cherry-picked to base-browser after merging

Issue Tracking

• Link resolved issues with appropriate Release Prep issue for changelog generation

Review

Request Reviewer

• Request review from an applications developer depending on modified system:
  • @henry for the shared Tor integration part
  • @dan/@clairehurst for the Android part

/cc @morgan

Change Description

This MR does two things:

1. Allows tor to choose the SOCKS port when using TCP. Right now it isn't the default behavior so that we can test it (and, more concretely, because of #42062). This mechanism is triggered for example with TOR_SOCKS_PORT=-1
2. Allow to use a TCP listener in addition to the SOCKS one on Android, by setting extensions.torlauncher.socks_port_use_tcp (this old-sounding name mimics extensions.torlauncher.socks_port_use_ipc, I can change it if you prefer)

Security concern: the network.proxy.socks_port preference might remain outdated for a while, and another process listening on the port might intercept requests if things go badly.

This happens also if a process is already listening on port 9150 though...

Maybe we can set the pref to port 0 if we detect that automatic port was chosen until we have an actual port number.

Also, I decided that the old behavior of port 0 -> 9150 didn't make sense eventually (we set port 9150 by default in 000-tor-browser.js, no port 0...). So, port 0 also means automatic now, but I can revert if we really want to keep the old behavior.

For Android, Unix socket is still the default as it'd be really great if we found why it isn't working for some people, rather than lowering the linkability barrier for everyone else. At least, Tor Browser always uses SOCKS isolation, so at the end of the day the linkability concern should be less bad.

How Tested

Tested on desktop:

TOR_SOCKS_PORT=-1 ./start-tor-browser -v

1. the connection still works
2. check.torproject.org says you're using the Tor network
3. on the Tor logs/the browser console you get a random number (initially it might be 127.0.0.1:0, it changes when you run the bootstrap)
4. you get the same port in network.proxy.socks_port
5. canceling and restarting the bootstrap updates the port/has the same desired outcome

Notice: the random port will stay forever, unless you reset network.proxy.socks_port after this!

Tested on Android:

1. Bootstrap once to be able to reach about:config
2. Set extensions.torlauncher.socks_port_use_tcp to true in about:config
3. Restart the app
4. Bootstrap again
5. Check the port number in the logs and in about:config (network.proxy.socks_port)
6. Check that everything is okay on check.torprojcet.org
7. Set extensions.torlauncher.socks_port_use_tcp to false or remove it
8. Restart the app
9. Check that the app is now using a Unix socket again (network.proxy.socks looks like a path with /data/...)