[tor-bugs] #24350 [Core Tor/Tor]: A fresh compiled tor does not honor MaxCircuitDirtiness
#24350: A fresh compiled tor does not honor MaxCircuitDirtiness
------------------------------+--------------------
Reporter: Zakhar | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------
I am seeing strange behavior when compiling tor: it does not take into
account the '''MaxCircuitDirtiness''' I have set in the configuration...
nor the default value that is supposed to be 10 minutes.
In fact, it changes identity '''every 5 minutes'''!
I tried both the Ubuntu version (0.2.9.11) and the last official one from
tor (0.3.1.18)
What is even stranger is that with the Ubuntu repo binary, it works fine.
Steps to reproduce:
* Start a Live Ubuntu 16.04.3 (x64 in my case) [so that the behavior is
easy to reproduce]
Execute this script (as root... no problem, we are in a Live session, all
is gone in the end). It will install the necessary packages to compile
(otherwise configure will complain about libevent-dev, then about libssl-dev),
download the sources and compile both versions.
{{{
#!/bin/sh
cd /tmp
echo 'deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates universe' >>'/etc/apt/sources.list'
apt-get update
apt-get install -y libevent-core-2.0-5 libevent-extra-2.0-5 libevent-openssl-2.0-5 libevent-pthreads-2.0-5 libevent-dev libssl-doc zlib1g-dev libssl-dev
gpg --keyserver keyserver.ubuntu.com --recv-keys 64792D67
gpg --no-default-keyring -a --export 64792D67 | gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg --import -
apt-get source tor
cd "tor-0.2.9.11"
./configure
make
cd /tmp
wget https://www.torproject.org/dist/tor-0.3.1.8.tar.gz
tar xvzf tor-0.3.1.8.tar.gz
cd "tor-0.3.1.8"
./configure
make
}}}
You will have some warnings like:
{{{
ar: `u' modifier ignored since `D' is the default (see `U')
}}}
I am assuming these warnings are benign, looking at the 'u' and 'D' options in
the man page of ar.
You will get both versions of tor compiled as documented by the README.
Save them before rebooting.
Now whichever version you try, here is the output tracking the change of
IP:
Set '''MaxCircuitDirtiness''' to 30 minutes for example with:
{{{
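# "sudo echo ... >>file" performs the redirection as the calling user; tee -a appends as root
echo "MaxCircuitDirtiness 1800" | sudo tee -a /etc/tor/torrc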
}}}
Then test the IP we have through tor:
{{{
$ while :; do line="$( date +%H:%M ) == $( curl -s http://whatismyip.akamai.com/ )"; echo "$line"; sleep 60; done
19:27 == 185.100.84.82
19:28 == 185.100.84.82
19:29 == 185.100.84.82
19:30 == 185.100.84.82
19:31 == 185.100.84.82
19:32 == 204.85.191.30
19:34 == 204.85.191.30
19:35 == 204.85.191.30
19:36 == 204.85.191.30
19:37 == 204.85.191.30
19:38 == 192.160.102.168
19:39 == 192.160.102.168
19:40 == 192.160.102.168
19:41 == 192.160.102.168
19:42 == 192.160.102.168
19:43 == 163.172.101.137
19:44 == 163.172.101.137
19:45 == 163.172.101.137
19:46 == 163.172.101.137
19:47 == 163.172.101.137
19:48 == 62.210.105.116
}}}
(This is done inside a VM with transparent proxying to Tor, see
"middlebox").
We can see that it is changing IP '''exactly''' every 5 minutes.
When doing the same exit IP test with the stock binary version of Ubuntu
that you get with:
{{{
sudo apt-get install tor
}}}
... all works well, it changes IP every 30 minutes as the configuration
says.
'''Questions:'''
So... is there a magic trick to compile so that MaxCircuitDirtiness is
taken into account? If so, that would be a '''documentation enhancement
request'''. I am thinking of something like a flag: compile for
"debug"/compile for "production" (I didn't find that in the documentation!)
Should I ask instead on the Ubuntu Launchpad? (Apparently they are clever
enough to have figured out a way to make it work!)
We can however notice a difference between the versions we compiled and
the binary from Ubuntu repo: '''size'''!
That is (I am guessing) because the tor we compiled has all the symbols.
But if you do (which is undocumented!):
{{{
strip --strip-unneeded tor
}}}
you get about the same size as the stock binary. Anyway, I don't think having
the symbols should change behaviors -except in case you have very very
little RAM, which is not my case!-
MaxCircuitDirtiness is not such a big issue per se, but I am afraid that
if we have that kind of "silent tricky bug" (nothing in the log of tor)
when compiling ourselves, there might be other more serious bugs that
could compromise anonymity.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24350>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
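
Added example, not part of the original ticket: a shell helper that turns the `HH:MM == IP` lines printed by the sampling loop above into measured exit-IP lifetimes and lists the ones shorter than a given MaxCircuitDirtiness value. The function names and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the ticket): turn "HH:MM == IP" samples, as printed
# by the loop in the report, into measured exit-IP lifetimes.

# Print "<ip> <minutes>" for every IP change, measured between the first
# sighting of that IP and the first sighting of the next one. Timestamps are
# used instead of line counts, so a skipped sample, a failed curl (empty IP)
# or a run crossing midnight does not distort the result.
rotation_intervals() {
    awk '
    $2 == "==" && $1 ~ /^[0-9][0-9]:[0-9][0-9]$/ && $3 != "" {
        split($1, t, ":"); now = t[1] * 60 + t[2]
        if (cur == "") { cur = $3; start = now; next }
        if ($3 != cur) {
            d = now - start
            if (d < 0) d += 1440    # wrapped past midnight
            print cur, d
            cur = $3; start = now
        }
    }'
}

# short_rotations SECONDS: list IPs that were dropped sooner than the given
# MaxCircuitDirtiness value (one minute of slack for the 60 s sampling).
# Returns non-zero if any were found.
short_rotations() {
    rotation_intervals | awk -v want="$(( $1 / 60 ))" '
        $2 + 1 < want { print $1 " kept " $2 " min, configured " want; bad = 1 }
        END { exit bad }'
}

# Constructed sample: documentation addresses, the 19:33 sample missing and
# one failed lookup at 19:36.
sample_log() {
    cat <<'EOF'
19:27 == 192.0.2.10
19:30 == 192.0.2.10
19:31 == 192.0.2.10
19:32 == 198.51.100.7
19:34 == 198.51.100.7
19:36 ==
19:37 == 198.51.100.7
19:38 == 203.0.113.5
19:42 == 203.0.113.5
19:43 == 192.0.2.99
EOF
}

sample_log | short_rotations 1800 || echo "rotation faster than configured"
```

The last IP in a log is never reported because its run is still open, and the first run is a lower bound since sampling may have started mid-circuit.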