Bug 10439&42714: Allow the tor daemon to choose a port for TCP and optionally use it for Android
Merge Info
Related Issues
- tor-launcher#10439 (moved) (#40930)
- #42714
- mullvad-browser#xxxxx
- tor-browser-build#xxxxx
Backporting
Timeline
-
Immediate: patchset needed as soon as possible -
Next Minor Stable Release: patchset that needs to be verified in nightly before backport -
Eventually: patchset that needs to be verified in alpha before backport -
No Backport (preferred): patchset for the next major stable
(Optional) Justification
-
Emergency security update: patchset fixes CVEs, 0-days, etc -
Censorship event: patchset enables censorship circumvention -
Critical bug-fix: patchset fixes a bug in core-functionality -
Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc -
Sponsor required: patchset required for sponsor -
Localization: typos and other localization changes that should be also in the release branch -
Other: please explain
Merging
-
Merge to tor-browser
-!fixups
totor-browser
-specific commits, new features, security backports -
Merge to base-browser
-!fixups
tobase-browser
-specific commits, new features to be shared withmullvad-browser
, and security backports-
NOTE: if your changeset includes patches to both
base-browser
andtor-browser
please clearly label in the change description which commits should be cherry-picked tobase-browser
after merging
-
NOTE: if your changeset includes patches to both
Issue Tracking
-
Link resolved issues with appropriate Release Prep issue for changelog generation
Review
Request Reviewer
-
Request review from an applications developer depending on modified system: - @henry for the shared Tor integration part
- @dan/@clairehurst for the Android part
/cc @morgan
Change Description
This MR does two things:
- Allows tor to choose the SOCKS port when using TCP. Right now it isn't the default behavior so that we can test it (and, more concretely, because of #42062). This mechanism is triggered for example with
TOR_SOCKS_PORT=-1
- Allow to use a TCP listener in addition to the SOCKS one on Android, by setting
extensions.torlauncher.socks_port_use_tcp
(this old-sounding name mimicsextensions.torlauncher.socks_port_use_ipc
, I can change it if you prefer)
Security concern: the network.proxy.socks_port
preference might remain outdated for a while, and another process listening on the port might intercept requests if things go badly.
This happens also if a process is already listening on port 9150 though...
Maybe we can set the pref to port 0 if we detect that automatic port was chosen until we have an actual port number.
Also, I decided that the old behavior of port 0 -> 9150 didn't make sense eventually (we set port 9150 by default in 000-tor-browser.js
, no port 0...).
So, port 0 also means automatic now, but I can revert if we really want to keep the old behavior.
For Android, Unix socket is still the default as it'd be really great if we found why it isn't working for some people, rather than lowering the linkability barrier for everyone else. At least, Tor Browser always uses SOCKS isolation, so at the end of the day the linkability concern should be less bad.
How Tested
Tested on desktop:
TOR_SOCKS_PORT=-1 ./start-tor-browser -v
- the connection still works
- check.torproject.org says you're using the Tor network
- on the Tor logs/the browser console you get a random number (initially it might be
127.0.0.1:0
, it changes when you run the bootstrap) - you get the same port in
network.proxy.socks_port
- canceling and restarting the bootstrap updates the port/has the same desired outcome
Notice: the random port will stay forever, unless you reset network.proxy.socks_port
after this!
Tested on Android:
- Bootstrap once to be able to reach
about:config
- Set
extensions.torlauncher.socks_port_use_tcp
totrue
inabout:config
- Restart the app
- Bootstrap again
- Check the port number in the logs and in
about:config
(network.proxy.socks_port
) - Check that everything is okay on check.torprojcet.org
- Set
extensions.torlauncher.socks_port_use_tcp
tofalse
or remove it - Restart the app
- Check that the app is now using a Unix socket again (
network.proxy.socks
looks like a path with/data/...
)