[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #12585 [Tor]: Implement new option SocksSocket



#12585: Implement new option SocksSocket
-------------------------+---------------------
 Reporter:  ioerror      |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor          |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 Hi,

 I've implemented a new way for client applications to speak to Tor. I
 wanted to lock down applications like web browsers to ensure that they
 cannot even make AF_INET or AF_INET6 sockets. There is one problem: all
 those clients need AF_INET to talk to Tor! This patch fixes this issue -
 if a client is able to make an AF_UNIX socket and it talks to a Tor that
 supports AF_UNIX, it will be able to use SOCKS to connect to the internet.

 I plan to write a patch to torsocks to implement this as a generic client.
 Later, I suspect we can add support to other applications very easily and
 then we can lock down those applications or even entire unix uids from
 being able to make AF_INET/AF_INET6 sockets.

 This helps us with AppArmor like issues - AppArmor doesn't have the
 ability to permit traffic to 127.0.0.1:9050 and to deny it for other
 addresses. With this implementation, we can simply deny all AF_INET and
 the application can still communicate with Tor as long as it has AF_UNIX
 permissions.

 This also helps us with iptables issues - there are no generally open
 TCP/IP sockets for anyone who is able to connect to (for example)
 127.0.0.1:9050 - we can control who can read and write to the SocksSocket
 with unix uid/gid controls.

 I've spent about two days testing (on Tails 1.0.1) these patches and
 loading it with the following configuration file:

 {{{
 Socks5Proxy 127.0.0.1:9050
 WarnUnsafeSocks 0
 SocksPort 0
 Log debug stderr
 SocksSocket /tmp/testing/SocksSocket
 SocksSocket /tmp/testing/SocksSocket1
 SocksSocket /tmp/testing/SocksSocket2
 SocksSocket /tmp/testing/SocksSocket3
 AvoidDiskWrites 1
 }}}

 I've been running it in valgrind like so:
 {{{
 valgrind --log-file=/tmp/SocksSocket-valgrind-005-with-three-
 SocksSockets.log -v --leak-check=full --track-origins=yes ./src/or/tor -f
 torrc.test
 }}}

 As I haven't yet implemented the torsocks client side of this, I've been
 using socat like so:
 {{{
 socat -v UNIX-CONNECT:/tmp/testing/SocksSocket TCP-
 LISTEN:6667,fork,RETRY,reuseaddr,end-close;
 }}}

 Finally, I use curl like so to fetch a web page through this totally
 convoluted mess of AF_*:
 {{{
 curl --socks5-hostname 127.0.0.1:6667 https://check.torproject.org;
 }}}

 Valgrind reports the following:
 {{{
 ==15187== Memcheck, a memory error detector
 ==15187== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
 ==15187== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for
 copyright info
 ==15187== Command: ./src/or/tor -f torrc.test
 ==15187== Parent PID: 29356
 ==15187==
 --15187--
 --15187-- Valgrind options:
 --15187--    --suppressions=/usr/lib/valgrind/debian-libc6-dbg.supp
 --15187--    --log-file=/tmp/SocksSocket-valgrind-005-with-three-
 SocksSockets.log
 --15187--    -v
 --15187--    --leak-check=full
 --15187--    --track-origins=yes
 --15187-- Contents of /proc/version:
 --15187--   Linux version 3.14-1-amd64 (debian-kernel@xxxxxxxxxxxxxxxx)
 (gcc version 4.8.3 (Debian 4.8.3-2) ) #1 SMP Debian 3.14.5-1 (2014-06-05)
 --15187-- Arch and hwcaps: X86, x86-sse1-sse2
 --15187-- Page sizes: currently 4096, max supported 4096
 --15187-- Valgrind library directory: /usr/lib/valgrind
 --15187-- Reading syms from /home/amnesia/Persistent/src/tor/src/or/tor
 (0x108000)
 --15187-- Reading syms from /lib/ld-2.11.3.so (0x4400000)
 --15187--   Considering /lib/ld-2.11.3.so ..
 --15187--   .. CRC mismatch (computed 19231304 wanted 2b6c260a)
 --15187--   Considering /usr/lib/debug/lib/ld-2.11.3.so ..
 --15187--   .. CRC is valid
 --15187-- Reading syms from /usr/lib/valgrind/memcheck-x86-linux
 (0x38000000)
 --15187--    object doesn't have a dynamic symbol table
 --15187-- Reading suppressions file: /usr/lib/valgrind/debian-
 libc6-dbg.supp
 --15187-- Reading suppressions file: /usr/lib/valgrind/default.supp
 --15187-- REDIR: 0x4416490 (index) redirected to 0x3803eda3
 (vgPlain_x86_linux_REDIR_FOR_index)
 --15187-- Reading syms from /usr/lib/valgrind/vgpreload_core-x86-linux.so
 (0xabcb000)
 --15187-- Reading syms from
 /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so (0xabd1000)
 ==15187== WARNING: new redirection conflicts with existing -- ignoring it
 --15187--     new: 0x04416490 (index               ) R-> 0x0abd4cb0 index
 --15187-- REDIR: 0x4416670 (strlen) redirected to 0xabd50f0 (strlen)
 --15187-- Reading syms from /usr/lib/libz.so.1.2.3.4 (0xccc3000)
 --15187--   Considering /usr/lib/libz.so.1.2.3.4 ..
 --15187--   .. CRC mismatch (computed 7be92cfa wanted 329326cb)
 --15187--    object doesn't have a symbol table
 --15187-- Reading syms from /lib/libm-2.11.3.so (0xccdf000)
 --15187--   Considering /lib/libm-2.11.3.so ..
 --15187--   .. CRC mismatch (computed 0116a1b2 wanted cca4fc2f)
 --15187--   Considering /usr/lib/debug/lib/libm-2.11.3.so ..
 --15187--   .. CRC is valid
 --15187-- Reading syms from /usr/lib/libevent-1.4.so.2.1.3 (0xcd09000)
 --15187--    object doesn't have a symbol table
 --15187-- Reading syms from /usr/lib/i686/cmov/libssl.so.0.9.8 (0xcd20000)
 --15187--   Considering /usr/lib/i686/cmov/libssl.so.0.9.8 ..
 --15187--   .. CRC mismatch (computed 7cd446f3 wanted 6aaecd6b)
 --15187--    object doesn't have a symbol table
 --15187-- Reading syms from /usr/lib/i686/cmov/libcrypto.so.0.9.8
 (0xcd70000)
 --15187--   Considering /usr/lib/i686/cmov/libcrypto.so.0.9.8 ..
 --15187--   .. CRC mismatch (computed a803f391 wanted 934b1db6)
 --15187--    object doesn't have a symbol table
 --15187-- Reading syms from /lib/librt-2.11.3.so (0xcecd000)
 --15187--   Considering /lib/librt-2.11.3.so ..
 --15187--   .. CRC mismatch (computed 11db8d18 wanted 4837ea6c)
 --15187--   Considering /usr/lib/debug/lib/librt-2.11.3.so ..
 --15187--   .. CRC is valid
 --15187-- Reading syms from /lib/libdl-2.11.3.so (0xceda000)
 --15187--   Considering /lib/libdl-2.11.3.so ..
 --15187--   .. CRC mismatch (computed 3740dd8b wanted 09c06eb3)
 --15187--   Considering /usr/lib/debug/lib/libdl-2.11.3.so ..
 --15187--   .. CRC is valid
 --15187-- Reading syms from /lib/libc-2.11.3.so (0xcede000)
 --15187--   Considering /lib/libc-2.11.3.so ..
 --15187--   .. CRC mismatch (computed 4ef5e22d wanted 481f3942)
 --15187--   Considering /usr/lib/debug/lib/libc-2.11.3.so ..
 --15187--   .. CRC is valid
 --15187-- Reading syms from /lib/libpthread-2.11.3.so (0xd027000)
 --15187--   Considering /lib/libpthread-2.11.3.so ..
 --15187--   .. CRC mismatch (computed d08a9725 wanted 0065618d)
 --15187--   Considering /usr/lib/debug/lib/libpthread-2.11.3.so ..
 --15187--   .. CRC is valid
 --15187-- Reading syms from /lib/libnsl-2.11.3.so (0xd040000)
 --15187--   Considering /lib/libnsl-2.11.3.so ..
 --15187--   .. CRC mismatch (computed 65a29afd wanted f8853f76)
 --15187--   Considering /usr/lib/debug/lib/libnsl-2.11.3.so ..
 --15187--   .. CRC is valid
 --15187-- Reading syms from /lib/libresolv-2.11.3.so (0xd05b000)
 --15187--   Considering /lib/libresolv-2.11.3.so ..
 --15187--   .. CRC mismatch (computed 66a703f9 wanted 6378a0ac)
 --15187--   Considering /usr/lib/debug/lib/libresolv-2.11.3.so ..
 --15187--   .. CRC is valid
 --15187-- REDIR: 0xcf50950 (index) redirected to 0xabd4c20 (index)
 --15187-- REDIR: 0xcf52750 (memchr) redirected to 0xabd5830 (memchr)
 --15187-- REDIR: 0xcf513f0 (rindex) redirected to 0xabd4b60 (rindex)
 --15187-- REDIR: 0xcf51040 (strlen) redirected to 0xabd50b0 (strlen)
 --15187-- REDIR: 0xcf4d7c0 (malloc) redirected to 0xabd3ecb (malloc)
 --15187-- REDIR: 0xcf52ed0 (memcpy) redirected to 0xabd5870 (memcpy)
 --15187-- REDIR: 0xcf55830 (strchrnul) redirected to 0xabd6590 (strchrnul)
 --15187-- REDIR: 0xcf4d6e0 (free) redirected to 0xabd3ae5 (free)
 --15187-- REDIR: 0xcf52a20 (mempcpy) redirected to 0xabd6600 (mempcpy)
 --15187-- REDIR: 0xcf4ced0 (calloc) redirected to 0xabd31af (calloc)
 --15187-- Reading syms from /lib/libgcc_s.so.1 (0xd483000)
 --15187--   Considering /lib/libgcc_s.so.1 ..
 --15187--   .. CRC mismatch (computed 5efc9915 wanted ece5a7a0)
 --15187--    object doesn't have a symbol table
 --15187-- REDIR: 0xcf4e760 (realloc) redirected to 0xabd3f7a (realloc)
 --15187-- REDIR: 0xcf51230 (strncmp) redirected to 0xabd55d0 (strncmp)
 --15187-- REDIR: 0xcf52bd0 (stpcpy) redirected to 0xabd6120 (stpcpy)
 --15187-- REDIR: 0xcf51310 (strncpy) redirected to 0xabd52f0 (strncpy)
 --15187-- REDIR: 0xcf50ac0 (strcmp) redirected to 0xabd56b0 (strcmp)
 --15187-- REDIR: 0xcf529c0 (memset) redirected to 0xabd64a0 (memset)
 --15187-- REDIR: 0xcf50b40 (strcpy) redirected to 0xabd5130 (strcpy)
 --15187-- REDIR: 0xcf55760 (rawmemchr) redirected to 0xabd65c0 (rawmemchr)
 --15187-- REDIR: 0xcf52910 (memmove) redirected to 0xabd6510 (memmove)
 --15187-- REDIR: 0xcfbc620 (__memcpy_chk) redirected to 0xabd69b0
 (__memcpy_chk)
 ==15187== Conditional jump or move depends on uninitialised value(s)
 ==15187==    at 0x1E8C04: connection_ap_expire_beginning
 (connection_edge.c:600)
 ==15187==    by 0x13669D: second_elapsed_callback (main.c:1501)
 ==15187==    by 0x25E572: periodic_timer_cb (compat_libevent.c:538)
 ==15187==    by 0xCD0EEE3: event_base_loop (in
 /usr/lib/libevent-1.4.so.2.1.3)
 ==15187==    by 0x1318E0: do_main_loop (main.c:2028)
 ==15187==    by 0x133BDC: tor_main (main.c:2998)
 ==15187==    by 0x12F7D2: main (tor_main.c:30)
 ==15187==  Uninitialised value was created by a stack allocation
 ==15187==    at 0x1DE763: connection_handle_listener_read
 (connection.c:1454)
 ==15187==
 --15187-- Discarding syms at 0xd485350-0xd49d738 in /lib/libgcc_s.so.1 due
 to munmap()
 ==15187==
 ==15187== HEAP SUMMARY:
 ==15187==     in use at exit: 3,565 bytes in 29 blocks
 ==15187==   total heap usage: 353,781 allocs, 353,752 frees, 85,358,749
 bytes allocated
 ==15187==
 ==15187== Searching for pointers to 29 not-freed blocks
 ==15187== Checked 276,744 bytes
 ==15187==
 ==15187== LEAK SUMMARY:
 ==15187==    definitely lost: 0 bytes in 0 blocks
 ==15187==    indirectly lost: 0 bytes in 0 blocks
 ==15187==      possibly lost: 0 bytes in 0 blocks
 ==15187==    still reachable: 3,565 bytes in 29 blocks
 ==15187==         suppressed: 0 bytes in 0 blocks
 ==15187== Reachable blocks (those to which a pointer was found) are not
 shown.
 ==15187== To see them, rerun with: --leak-check=full --show-reachable=yes
 ==15187==
 ==15187== ERROR SUMMARY: 660 errors from 1 contexts (suppressed: 37 from
 12)
 ==15187==
 ==15187== 660 errors in context 1 of 1:
 ==15187== Conditional jump or move depends on uninitialised value(s)
 ==15187==    at 0x1E8C04: connection_ap_expire_beginning
 (connection_edge.c:600)
 ==15187==    by 0x13669D: second_elapsed_callback (main.c:1501)
 ==15187==    by 0x25E572: periodic_timer_cb (compat_libevent.c:538)
 ==15187==    by 0xCD0EEE3: event_base_loop (in
 /usr/lib/libevent-1.4.so.2.1.3)
 ==15187==    by 0x1318E0: do_main_loop (main.c:2028)
 ==15187==    by 0x133BDC: tor_main (main.c:2998)
 ==15187==    by 0x12F7D2: main (tor_main.c:30)
 ==15187==  Uninitialised value was created by a stack allocation
 ==15187==    at 0x1DE763: connection_handle_listener_read
 (connection.c:1454)
 ==15187==
 --15187--
 --15187-- used_suppression:     37 dl-hack3-cond-1
 ==15187==
 ==15187== ERROR SUMMARY: 660 errors from 1 contexts (suppressed: 37 from
 12)
 }}}

 I think that other than that single conditional jump in
 connection_ap_expire_beginning, there aren't any serious valgrind issues
 that are related to my patch. Though I admit, I'm not entirely sure of why
 that valgrind issue is showing up and I'm starting to dig into it now.

 I've based my patch on 48d7fceee5e6041ccdd4316f51de0d6b5e1818ed; I'm happy
 to rebase it if that is useful.

 Feedback is appreciated!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12585>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs