Bug #12239: Some users have no circuit view in Tor Browser

Bug #12239

Some users have no circuit view in Tor Browser

Added by anonym 2017-02-15 08:30:53 . Updated 2019-03-28 13:51:08 .

Status:

Resolved

Priority:

Normal

Assignee:

emmapeel

Category:

Target version:

Tails_3.0

Start date:

2017-02-15

Due date:

% Done:

Feature Branch:

Type of work:

Research

Blueprint:

Starter:

Affected tool:

Browser

Deliverable for:

Description

Supposedly this is even without persistence enabled (and in particular without custom persistence enabled for ~/.tor-browser) and without the involvement of IUKs.

Files

tor-controlport-filter.log (156 B)

emmapeel, 2017-02-17 09:07:03

Subtasks

History

#1 Updated by anonym 2017-02-15 08:42:13

How to debug:

Are you running from DVD, USB, SD card? Also:
- Please try another Tails medium on the same computer.
- Please try the same Tails medium on another computer.

What is the output of: cat /lib/live/mount/medium/live/Tails.module

In Tor Browser’s about:config, make sure that extensions.torbutton.display_circuit is set to true.

* Does this fix it?

sudo systemctl stop tor-controlport-filter
sudo sed -i 's/9052/9051/' /etc/tor/torrc
echo "CookieAuthentication 0" | sudo tee -a /etc/tor/torrc
sudo systemctl restart tor@default

And restart Tor Browser.

* If not:

sudo sed -i 's/9051/9052/' /etc/tor/torrc
sudo systemctl restart tor@default
/usr/local/lib/tor-controlport-filter --debug > tor-controlport-filter.log

And restart Tor Browser, verify that the circuit view doesn’t work again, Ctrl+C in the terminal to kill tor-controlport-filter, and attach tor-controlport-filter.log to this ticket.

#2 Updated by anonym 2017-02-15 08:42:37

Assignee changed from anonym to emmapeel
QA Check set to Info Needed

Can you please help me debug this, since you are affected?

#3 Updated by emmapeel 2017-02-17 07:51:26

anonym wrote:
> How to debug:
>
> * Are you running from DVD, USB, SD card? Also:

From USB - not possible right now to test on SD card I’m afraid.
>
> * What is the output of: cat /lib/live/mount/medium/live/Tails.module
>
filesystem.squashfs
> * In Tor Browser’s about:config, make sure that extensions.torbutton.display_circuit is set to true.
>
It is set to true.

> Does this fix it?
Nope.

I attach the tor-controlport-filter.log, not much on it, but on the console, while running `/usr/local/lib/tor-controlport-filter —debug > tor-controlport-filter.log` I got this:

Tor control port filter started, listening on localhost:9051
/usr/local/lib/tor-browser/firefox (pid: 15407, user: amnesia, port: 40534, filter: tor-browser) connected: loaded filter: tor-browser
Final rules:
commands:
  GETCONF:
  - {pattern: (bridge)}
  GETINFO:
  - {pattern: circuit-status}
  - {pattern: 'ns/id/[a-fA-F0-9]+'}
  - {pattern: ip-to-country/\d+\.\d+\.\d+\.\d+}
  SIGNAL:
  - {pattern: NEWNYM}
events:
  STREAM: {}
restrict-stream-events: true

/usr/local/lib/tor-browser/firefox (pid: 15407, user: amnesia, port: 40534, filter: tor-browser) disconnected: client quit
Traceback (most recent call last):
  File "/usr/lib/python3.5/socketserver.py", line 625, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.5/socketserver.py", line 354, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.5/socketserver.py", line 681, in __init__
    self.handle()
  File "/usr/local/lib/tor-controlport-filter", line 618, in handle
    self.controller = self.connect_to_real_control_port()
  File "/usr/local/lib/tor-controlport-filter", line 554, in connect_to_real_control_port
    with open(global_args.control_cookie_path, "rb") as f:
PermissionError: [Errno 13] Permission denied: '/var/run/tor/control.authcookie'

#4 Updated by emmapeel 2017-02-17 08:01:18

Assignee changed from emmapeel to anonym

#5 Updated by emmapeel 2017-02-17 09:07:11

File tor-controlport-filter.log added

#6 Updated by anonym 2017-02-17 11:35:18

Assignee changed from anonym to emmapeel

Sorry, I messed up a bit in the above shell commands. Let’s try this instead (as root):

# make sure Tor Browser is not running
sed -i 's,^ExecStart=.*,\0 --debug,' /lib/systemd/system/tor-controlport-filter.service 
systemctl daemon-reload
systemctl restart tor-controlport-filter
# start Tor Browser, let a page load to 100% and make sure the circuit view is not working
journalctl -u tor-controlport-filter > tor-controlport-filter.log

I guess it’s safest if you email me that log, otherwise you might leak your bridge (or persistent entry guard) if you use one.

Hm. If you use a bridge (or persistent entry guard) can you please try without?

#7 Updated by emmapeel 2017-02-17 14:03:15

I didn’t used bridges that time… but I have to configure an HTTPS proxy to connect to the Internet.

I can try without it later.

#8 Updated by emmapeel 2017-02-18 17:04:42

Assignee changed from emmapeel to anonym

anonym wrote:
> Sorry, I messed up a bit in the above shell commands. Let’s try this instead (as root):
> […]
> # start Tor Browser, let a page load to 100% and make sure the circuit view is not working
It works now! (it wasnt working when i started doing this commands)

#9 Updated by anonym 2017-02-19 12:29:38

Assignee changed from anonym to emmapeel

emmapeel wrote:
> anonym wrote:
> > Sorry, I messed up a bit in the above shell commands. Let’s try this instead (as root):
> > […]
> > # start Tor Browser, let a page load to 100% and make sure the circuit view is not working
> It works now! (it wasnt working when i started doing this commands)

Ok, please test this then:

boot into a fresh Tails sedssion
start Tor Browser, let a page load to 100% and make sure the circuit view is not working
close Tor Browser is not running
sudo systemctl restart tor-controlport-filter
start Tor Browser, let a page load to 100% and look at the circuit view again

Hm. And also:

boot into a fresh Tails sedssion
sudo systemctl restart tor-controlport-filter
start Tor Browser, let a page load to 100% and look at the circuit view again

(Yes that’s the same as the above without steps 2 and 3.)

I’m trying to figure out whether simply restarting tor-controlport-filter is enough. If --debug is needed it’s a bit stranger, but might be indicative of some race/timing issue (i.e. the --debug printing’s added delays fix the timing issue).

#10 Updated by anonym 2017-03-09 14:00:32

Target version changed from Tails_2.11 to Tails_2.12

#11 Updated by emmapeel 2017-03-21 16:01:47

I haven’t tested 2.10 and 2.11 with this. I will do.

Incidentaly, I haven’t found this problem in Tails 3.0beta[1,2,3].

#12 Updated by intrigeri 2017-03-22 08:09:29

Status changed from Confirmed to Resolved
Target version changed from Tails_2.12 to Tails_3.0

> Incidentaly, I haven’t found this problem in Tails 3.0beta[1,2,3].

OK, closing with the appropriate target version then.

#13 Updated by mercedes508 2019-03-28 13:51:08

bfd20fbec601b9cc1470db1096eece3