[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #12585 [Tor]: Implement new option SocksSocket
#12585: Implement new option SocksSocket
-------------------------+---------------------
Reporter: ioerror | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+---------------------
Hi,
I've implemented a new way for client applications to speak to Tor. I
wanted to lock down applications like web browsers to ensure that they
cannot even make AF_INET or AF_INET6 sockets. There is one problem: all
those clients need AF_INET to talk to Tor! This patch fixes this issue -
if a client is able to make an AF_UNIX socket and it talks to a Tor that
supports AF_UNIX, it will be able to use SOCKS to connect to the internet.
I plan to write a patch to torsocks to implement this as a generic client.
Later, I suspect we can add support to other applications very easily and
then we can lock down those applications or even entire unix uids from
being able to make AF_INET/AF_INET6 sockets.
This helps us with AppArmor like issues - AppArmor doesn't have the
ability to permit traffic to 127.0.0.1:9050 and to deny it for other
addresses. With this implementation, we can simply deny all AF_INET and
the application can still communicate with Tor as long as it has AF_UNIX
permissions.
This also helps us with iptables issues - there are no generally open
TCP/IP sockets for anyone who is able to connect to (for example)
127.0.0.1:9050 - we can control who can read and write to the SocksSocket
with unix uid/gid controls.
I've spent about two days testing (on Tails 1.0.1) these patches and
loading it with the following configuration file:
{{{
Socks5Proxy 127.0.0.1:9050
WarnUnsafeSocks 0
SocksPort 0
Log debug stderr
SocksSocket /tmp/testing/SocksSocket
SocksSocket /tmp/testing/SocksSocket1
SocksSocket /tmp/testing/SocksSocket2
SocksSocket /tmp/testing/SocksSocket3
AvoidDiskWrites 1
}}}
I've been running it in valgrind like so:
{{{
valgrind --log-file=/tmp/SocksSocket-valgrind-005-with-three-
SocksSockets.log -v --leak-check=full --track-origins=yes ./src/or/tor -f
torrc.test
}}}
As I haven't yet implemented the torsocks client side of this, I've been
using socat like so:
{{{
socat -v UNIX-CONNECT:/tmp/testing/SocksSocket TCP-
LISTEN:6667,fork,RETRY,reuseaddr,end-close;
}}}
Finally, I use curl like so to fetch a web page through this totally
convoluted mess of AF_*:
{{{
curl --socks5-hostname 127.0.0.1:6667 https://check.torproject.org;
}}}
Valgrind reports the following:
{{{
==15187== Memcheck, a memory error detector
==15187== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==15187== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for
copyright info
==15187== Command: ./src/or/tor -f torrc.test
==15187== Parent PID: 29356
==15187==
--15187--
--15187-- Valgrind options:
--15187-- --suppressions=/usr/lib/valgrind/debian-libc6-dbg.supp
--15187-- --log-file=/tmp/SocksSocket-valgrind-005-with-three-
SocksSockets.log
--15187-- -v
--15187-- --leak-check=full
--15187-- --track-origins=yes
--15187-- Contents of /proc/version:
--15187-- Linux version 3.14-1-amd64 (debian-kernel@xxxxxxxxxxxxxxxx)
(gcc version 4.8.3 (Debian 4.8.3-2) ) #1 SMP Debian 3.14.5-1 (2014-06-05)
--15187-- Arch and hwcaps: X86, x86-sse1-sse2
--15187-- Page sizes: currently 4096, max supported 4096
--15187-- Valgrind library directory: /usr/lib/valgrind
--15187-- Reading syms from /home/amnesia/Persistent/src/tor/src/or/tor
(0x108000)
--15187-- Reading syms from /lib/ld-2.11.3.so (0x4400000)
--15187-- Considering /lib/ld-2.11.3.so ..
--15187-- .. CRC mismatch (computed 19231304 wanted 2b6c260a)
--15187-- Considering /usr/lib/debug/lib/ld-2.11.3.so ..
--15187-- .. CRC is valid
--15187-- Reading syms from /usr/lib/valgrind/memcheck-x86-linux
(0x38000000)
--15187-- object doesn't have a dynamic symbol table
--15187-- Reading suppressions file: /usr/lib/valgrind/debian-
libc6-dbg.supp
--15187-- Reading suppressions file: /usr/lib/valgrind/default.supp
--15187-- REDIR: 0x4416490 (index) redirected to 0x3803eda3
(vgPlain_x86_linux_REDIR_FOR_index)
--15187-- Reading syms from /usr/lib/valgrind/vgpreload_core-x86-linux.so
(0xabcb000)
--15187-- Reading syms from
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so (0xabd1000)
==15187== WARNING: new redirection conflicts with existing -- ignoring it
--15187-- new: 0x04416490 (index ) R-> 0x0abd4cb0 index
--15187-- REDIR: 0x4416670 (strlen) redirected to 0xabd50f0 (strlen)
--15187-- Reading syms from /usr/lib/libz.so.1.2.3.4 (0xccc3000)
--15187-- Considering /usr/lib/libz.so.1.2.3.4 ..
--15187-- .. CRC mismatch (computed 7be92cfa wanted 329326cb)
--15187-- object doesn't have a symbol table
--15187-- Reading syms from /lib/libm-2.11.3.so (0xccdf000)
--15187-- Considering /lib/libm-2.11.3.so ..
--15187-- .. CRC mismatch (computed 0116a1b2 wanted cca4fc2f)
--15187-- Considering /usr/lib/debug/lib/libm-2.11.3.so ..
--15187-- .. CRC is valid
--15187-- Reading syms from /usr/lib/libevent-1.4.so.2.1.3 (0xcd09000)
--15187-- object doesn't have a symbol table
--15187-- Reading syms from /usr/lib/i686/cmov/libssl.so.0.9.8 (0xcd20000)
--15187-- Considering /usr/lib/i686/cmov/libssl.so.0.9.8 ..
--15187-- .. CRC mismatch (computed 7cd446f3 wanted 6aaecd6b)
--15187-- object doesn't have a symbol table
--15187-- Reading syms from /usr/lib/i686/cmov/libcrypto.so.0.9.8
(0xcd70000)
--15187-- Considering /usr/lib/i686/cmov/libcrypto.so.0.9.8 ..
--15187-- .. CRC mismatch (computed a803f391 wanted 934b1db6)
--15187-- object doesn't have a symbol table
--15187-- Reading syms from /lib/librt-2.11.3.so (0xcecd000)
--15187-- Considering /lib/librt-2.11.3.so ..
--15187-- .. CRC mismatch (computed 11db8d18 wanted 4837ea6c)
--15187-- Considering /usr/lib/debug/lib/librt-2.11.3.so ..
--15187-- .. CRC is valid
--15187-- Reading syms from /lib/libdl-2.11.3.so (0xceda000)
--15187-- Considering /lib/libdl-2.11.3.so ..
--15187-- .. CRC mismatch (computed 3740dd8b wanted 09c06eb3)
--15187-- Considering /usr/lib/debug/lib/libdl-2.11.3.so ..
--15187-- .. CRC is valid
--15187-- Reading syms from /lib/libc-2.11.3.so (0xcede000)
--15187-- Considering /lib/libc-2.11.3.so ..
--15187-- .. CRC mismatch (computed 4ef5e22d wanted 481f3942)
--15187-- Considering /usr/lib/debug/lib/libc-2.11.3.so ..
--15187-- .. CRC is valid
--15187-- Reading syms from /lib/libpthread-2.11.3.so (0xd027000)
--15187-- Considering /lib/libpthread-2.11.3.so ..
--15187-- .. CRC mismatch (computed d08a9725 wanted 0065618d)
--15187-- Considering /usr/lib/debug/lib/libpthread-2.11.3.so ..
--15187-- .. CRC is valid
--15187-- Reading syms from /lib/libnsl-2.11.3.so (0xd040000)
--15187-- Considering /lib/libnsl-2.11.3.so ..
--15187-- .. CRC mismatch (computed 65a29afd wanted f8853f76)
--15187-- Considering /usr/lib/debug/lib/libnsl-2.11.3.so ..
--15187-- .. CRC is valid
--15187-- Reading syms from /lib/libresolv-2.11.3.so (0xd05b000)
--15187-- Considering /lib/libresolv-2.11.3.so ..
--15187-- .. CRC mismatch (computed 66a703f9 wanted 6378a0ac)
--15187-- Considering /usr/lib/debug/lib/libresolv-2.11.3.so ..
--15187-- .. CRC is valid
--15187-- REDIR: 0xcf50950 (index) redirected to 0xabd4c20 (index)
--15187-- REDIR: 0xcf52750 (memchr) redirected to 0xabd5830 (memchr)
--15187-- REDIR: 0xcf513f0 (rindex) redirected to 0xabd4b60 (rindex)
--15187-- REDIR: 0xcf51040 (strlen) redirected to 0xabd50b0 (strlen)
--15187-- REDIR: 0xcf4d7c0 (malloc) redirected to 0xabd3ecb (malloc)
--15187-- REDIR: 0xcf52ed0 (memcpy) redirected to 0xabd5870 (memcpy)
--15187-- REDIR: 0xcf55830 (strchrnul) redirected to 0xabd6590 (strchrnul)
--15187-- REDIR: 0xcf4d6e0 (free) redirected to 0xabd3ae5 (free)
--15187-- REDIR: 0xcf52a20 (mempcpy) redirected to 0xabd6600 (mempcpy)
--15187-- REDIR: 0xcf4ced0 (calloc) redirected to 0xabd31af (calloc)
--15187-- Reading syms from /lib/libgcc_s.so.1 (0xd483000)
--15187-- Considering /lib/libgcc_s.so.1 ..
--15187-- .. CRC mismatch (computed 5efc9915 wanted ece5a7a0)
--15187-- object doesn't have a symbol table
--15187-- REDIR: 0xcf4e760 (realloc) redirected to 0xabd3f7a (realloc)
--15187-- REDIR: 0xcf51230 (strncmp) redirected to 0xabd55d0 (strncmp)
--15187-- REDIR: 0xcf52bd0 (stpcpy) redirected to 0xabd6120 (stpcpy)
--15187-- REDIR: 0xcf51310 (strncpy) redirected to 0xabd52f0 (strncpy)
--15187-- REDIR: 0xcf50ac0 (strcmp) redirected to 0xabd56b0 (strcmp)
--15187-- REDIR: 0xcf529c0 (memset) redirected to 0xabd64a0 (memset)
--15187-- REDIR: 0xcf50b40 (strcpy) redirected to 0xabd5130 (strcpy)
--15187-- REDIR: 0xcf55760 (rawmemchr) redirected to 0xabd65c0 (rawmemchr)
--15187-- REDIR: 0xcf52910 (memmove) redirected to 0xabd6510 (memmove)
--15187-- REDIR: 0xcfbc620 (__memcpy_chk) redirected to 0xabd69b0
(__memcpy_chk)
==15187== Conditional jump or move depends on uninitialised value(s)
==15187== at 0x1E8C04: connection_ap_expire_beginning
(connection_edge.c:600)
==15187== by 0x13669D: second_elapsed_callback (main.c:1501)
==15187== by 0x25E572: periodic_timer_cb (compat_libevent.c:538)
==15187== by 0xCD0EEE3: event_base_loop (in
/usr/lib/libevent-1.4.so.2.1.3)
==15187== by 0x1318E0: do_main_loop (main.c:2028)
==15187== by 0x133BDC: tor_main (main.c:2998)
==15187== by 0x12F7D2: main (tor_main.c:30)
==15187== Uninitialised value was created by a stack allocation
==15187== at 0x1DE763: connection_handle_listener_read
(connection.c:1454)
==15187==
--15187-- Discarding syms at 0xd485350-0xd49d738 in /lib/libgcc_s.so.1 due
to munmap()
==15187==
==15187== HEAP SUMMARY:
==15187== in use at exit: 3,565 bytes in 29 blocks
==15187== total heap usage: 353,781 allocs, 353,752 frees, 85,358,749
bytes allocated
==15187==
==15187== Searching for pointers to 29 not-freed blocks
==15187== Checked 276,744 bytes
==15187==
==15187== LEAK SUMMARY:
==15187== definitely lost: 0 bytes in 0 blocks
==15187== indirectly lost: 0 bytes in 0 blocks
==15187== possibly lost: 0 bytes in 0 blocks
==15187== still reachable: 3,565 bytes in 29 blocks
==15187== suppressed: 0 bytes in 0 blocks
==15187== Reachable blocks (those to which a pointer was found) are not
shown.
==15187== To see them, rerun with: --leak-check=full --show-reachable=yes
==15187==
==15187== ERROR SUMMARY: 660 errors from 1 contexts (suppressed: 37 from
12)
==15187==
==15187== 660 errors in context 1 of 1:
==15187== Conditional jump or move depends on uninitialised value(s)
==15187== at 0x1E8C04: connection_ap_expire_beginning
(connection_edge.c:600)
==15187== by 0x13669D: second_elapsed_callback (main.c:1501)
==15187== by 0x25E572: periodic_timer_cb (compat_libevent.c:538)
==15187== by 0xCD0EEE3: event_base_loop (in
/usr/lib/libevent-1.4.so.2.1.3)
==15187== by 0x1318E0: do_main_loop (main.c:2028)
==15187== by 0x133BDC: tor_main (main.c:2998)
==15187== by 0x12F7D2: main (tor_main.c:30)
==15187== Uninitialised value was created by a stack allocation
==15187== at 0x1DE763: connection_handle_listener_read
(connection.c:1454)
==15187==
--15187--
--15187-- used_suppression: 37 dl-hack3-cond-1
==15187==
==15187== ERROR SUMMARY: 660 errors from 1 contexts (suppressed: 37 from
12)
}}}
I think that other than that single conditional jump in
connection_ap_expire_beginning, there aren't any serious valgrind issues
that are related to my patch. Though I admit, I'm not entirely sure of why
that valgrind issue is showing up and I'm starting to dig into it now.
I've based my patch on 48d7fceee5e6041ccdd4316f51de0d6b5e1818ed; I'm happy
to rebase it if that is useful.
Feedback is appreciated!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12585>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs