Feature #9001
Onion Circuits should connect via the Tor control port filter
100%
Description
One of my main motivations to remove Vidalia is to get rid of this “one X application has full control over Tor” situation, so it would be good if Tor Monitor was only allowed to get the information it needs, as opposed to being allowed to do everything such as configure a well-chosen set of M attacker-controlled bridges and de-anonymize the user (with precision = N bits, given N total bridges controlled by the attacker).
As of 20150220, Tor Monitor directly uses:
- GETINFO circuit-status
- GETINFO stream-status
- GETINFO ip-to-country
It also uses Stem, that probably sends more control commands to Tor.
Subtasks
Related issues
Related to Tails - | Resolved | 2015-05-09
Related to Tails - Bug #9365: Evaluate consequences of full Tor circuit/stream state and restrict it as needed | Confirmed | 2015-05-09
Related to Tails - Feature #8927: Replicate Vidalia's ability to close arbitrary circuits | Confirmed | 2015-02-21
Related to Tails - | Resolved | 2014-02-21
Related to Tails - | Resolved | 2016-06-23
Related to Tails - | Resolved | 2016-09-22
Has duplicate Tails - | Duplicate | 2015-08-17
Blocks Tails - | Resolved | 2016-03-07
History
#1 Updated by intrigeri 2015-03-03 14:22:08
- Affected tool set to Tor Monitor
#2 Updated by intrigeri 2015-03-03 14:23:45
- Description updated
#3 Updated by intrigeri 2015-05-25 09:51:37
- related to Bug #9366: Is user separation enough to hide Tor state from Vidalia? added
#4 Updated by alant 2015-09-14 14:57:07
- Parent task set to Feature #6842
To get the conversation between TorMonitor and the Tor daemon: sudo socat -v UNIX-LISTEN:/tmp/tor-control-copy UNIX-CONNECT:/var/run/tor/control.
Currently TorMonitor uses:
- PROTOCOLINFO
- AUTHCHALLENGE SAFECOOKIE
- AUTHENTICATE
- SETEVENTS
- GETCONF __owningcontrollerprocess
- GETINFO version
- SETEVENTS SIGNAL
- SETEVENTS CONF_CHANGED SIGNAL STREAM CIRC
- GETINFO circuit-status
- GETINFO stream-status
- GETCONF usemicrodescriptors
- GETINFO ip-to-country/*
- GETINFO ns/id/*
#5 Updated by alant 2015-09-14 14:58:36
- blocks Feature #9582: Install Onion Circuits added
#6 Updated by alant 2015-09-14 14:59:54
- has duplicate Feature #10058: Filter TorMonitor access to tor control socket added
#7 Updated by alant 2015-09-14 15:02:29
- Assignee deleted (alant)
I’d like help on this task, so deassigning from me to make it clear it looks for a taker (I’m still in charge of Feature #9582 which is blocked by this one).
#8 Updated by alant 2015-11-08 02:35:18
- Parent task deleted (Feature #6842)
#9 Updated by alant 2015-11-08 02:38:43
- blocked by deleted (Feature #9582: Install Onion Circuits)
#10 Updated by alant 2015-11-08 02:44:21
- Parent task set to Feature #9582
#11 Updated by intrigeri 2016-02-18 20:27:58
- Subject changed from Tor Monitor should connect via the Tor control port filter to Onion Circuits should connect via the Tor control port filter
#12 Updated by intrigeri 2016-02-18 20:31:37
- Parent task deleted (Feature #9582)
- Affected tool changed from Tor Monitor to Onion Circuits
Let’s not make it block Feature #9582 as even if we don’t have this, it’s not a regression compared to Vidalia (and yay, if we don’t do this now then likely it won’t ever be done, but well, I can live with it or fix it myself I guess).
#13 Updated by intrigeri 2016-02-21 10:54:04
- related to Bug #9365: Evaluate consequences of full Tor circuit/stream state and restrict it as needed added
#14 Updated by sajolida 2016-02-27 12:23:39
- related to Feature #8927: Replicate Vidalia's ability to close arbitrary circuits added
#15 Updated by intrigeri 2016-02-28 13:04:19
- related to Feature #6742: Make tor-controlport-filter reusable added
#16 Updated by anonym 2016-02-29 11:22:28
alant wrote:
> To get the conversation between TorMonitor and the Tor daemon: sudo socat -v UNIX-LISTEN:/tmp/tor-control-copy UNIX-CONNECT:/var/run/tor/control.
>
> Currently TorMonitor uses:
>
> - PROTOCOLINFO
> - AUTHCHALLENGE SAFECOOKIE
> - AUTHENTICATE
> - SETEVENTS
> - GETCONF __owningcontrollerprocess
> - GETINFO version
> - SETEVENTS SIGNAL
> - SETEVENTS CONF_CHANGED SIGNAL STREAM CIRC
> - GETINFO circuit-status
> - GETINFO stream-status
> - GETCONF usemicrodescriptors
> - GETINFO ip-to-country/*
> - GETINFO ns/id/*
Allowing only these should be possible using Whonix’ fork of our control port filter, control-port-filter-python (docs). In Git it has support for globs, needed for (at least) the last two GETINFO commands.
Also, it handles concurrent connections, so the same filter can probably be used for the Tor Browser’s circuit view.
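The following is an added example written for this ticket; it is neither Tails' tor-controlport-filter nor Whonix's control-port-filter-python, and it is not code from any of the commenters. It shows the allow-list policy the description asks for and that note #4 and note #16 spell out: Onion Circuits may issue only the commands alant captured, with globs for the two prefixed GETINFO keys, and everything else (the bridge reconfiguration scenario from the description, unlisted GETINFO keys, signals) is refused. The rule syntax, the function names, the per-key splitting of GETINFO/GETCONF/SETEVENTS lines and the sample transcript are all assumptions of this example, not behaviour of either real filter.

```python
"""Allow-list filter for Tor control-port commands.

Added example for this ticket; it is neither Tails' tor-controlport-filter
nor Whonix's control-port-filter-python. It enforces the policy discussed
above: Onion Circuits may issue only the commands listed in note #4, with
globs for the two prefixed GETINFO keys. Rule syntax, function names and
the sample transcript are assumptions of this example.
"""
import fnmatch

# Commands whose arguments are a list of independent keys or events. The
# filter checks each key separately, so a glob such as NS/ID/* cannot be
# used to smuggle a second, unlisted key (e.g. ns/all) onto the same line.
MULTI_KEY_COMMANDS = {"GETINFO", "GETCONF", "SETEVENTS"}

# Allow-list derived from note #4. Patterns are fnmatch globs compared in
# upper case (Tor treats control keywords case-insensitively).
ONION_CIRCUITS_RULES = [
    "PROTOCOLINFO",
    "PROTOCOLINFO *",              # note #4 shows the bare keyword; an argument is assumed possible
    "AUTHCHALLENGE SAFECOOKIE *",  # followed by the client nonce
    "AUTHENTICATE *",              # followed by the cookie-derived response
    "SETEVENTS",                   # no arguments: clears the subscription
    "SETEVENTS CONF_CHANGED",      # the four events from note #4, one rule each
    "SETEVENTS SIGNAL",
    "SETEVENTS STREAM",
    "SETEVENTS CIRC",
    "GETCONF __OWNINGCONTROLLERPROCESS",
    "GETCONF USEMICRODESCRIPTORS",
    "GETINFO VERSION",
    "GETINFO CIRCUIT-STATUS",
    "GETINFO STREAM-STATUS",
    "GETINFO IP-TO-COUNTRY/*",
    "GETINFO NS/ID/*",
]


def expand(line):
    """Split one client line into the unit(s) that must each match a rule."""
    tokens = line.strip().split()
    if not tokens:
        return []
    keyword = tokens[0].upper()
    if keyword in MULTI_KEY_COMMANDS and len(tokens) > 1:
        return [f"{keyword} {arg.upper()}" for arg in tokens[1:]]
    return [" ".join(tokens).upper()]


def is_allowed(line, rules=ONION_CIRCUITS_RULES):
    """True if every unit of the line matches at least one allow-list glob."""
    units = expand(line)
    return bool(units) and all(
        any(fnmatch.fnmatchcase(unit, rule) for rule in rules) for unit in units
    )


def filter_session(client_lines, rules=ONION_CIRCUITS_RULES):
    """Partition a client transcript into lines to forward and lines to drop."""
    forwarded, rejected = [], []
    for line in client_lines:
        (forwarded if is_allowed(line, rules) else rejected).append(line.strip())
    return forwarded, rejected


# Constructed transcript (not a real capture): the commands from note #4
# followed by three requests the filter must refuse, including the bridge
# reconfiguration scenario from the ticket description.
SAMPLE_CLIENT_LINES = [
    "PROTOCOLINFO 1\r\n",
    "AUTHCHALLENGE SAFECOOKIE 0123abcd\r\n",
    "AUTHENTICATE 00ff\r\n",
    "SETEVENTS CONF_CHANGED SIGNAL STREAM CIRC\r\n",
    "GETINFO circuit-status\r\n",
    "GETINFO ip-to-country/198.51.100.7\r\n",          # documentation-range address
    "GETINFO ns/id/" + "0" * 40 + "\r\n",               # placeholder fingerprint
    "SETCONF Bridge=198.51.100.8:443\r\n",              # reconfigures Tor: refuse
    "GETINFO ip-to-country/198.51.100.7 ns/all\r\n",   # unlisted key piggybacked: refuse
    "SIGNAL NEWNYM\r\n",                                # not in the list: refuse
]

if __name__ == "__main__":
    ok, dropped = filter_session(SAMPLE_CLIENT_LINES)
    for line in ok:
        print("forward:", line)
    for line in dropped:
        print("drop:   ", line)
```

The per-key splitting is the part worth copying: a plain whole-line glob such as `GETINFO IP-TO-COUNTRY/*` would also accept `GETINFO ip-to-country/x ns/all`, because `*` matches across spaces, so a filter that only pattern-matches whole lines quietly widens the allow-list to every GETINFO key.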
#17 Updated by intrigeri 2016-04-01 16:38:22
- blocks Bug #11197: Onion Circuits is not read by Orca added
#18 Updated by sajolida 2016-06-23 03:40:27
- related to Feature #11542: Evaluate using roflcoptor as Tor control port filter added
#19 Updated by intrigeri 2016-09-23 03:09:23
- related to Feature #11826: Evaluate using Whonix' control-port-filter-python as Tor control port filter added
#20 Updated by anonym 2016-09-26 11:51:45
- Status changed from Confirmed to In Progress
Applied in changeset commit:e3963d1de22bc9fcc3a61785e11838597bb816e9.
#21 Updated by anonym 2017-01-10 11:47:52
- Assignee set to intrigeri
- Target version set to Tails 2.10
- % Done changed from 0 to 50
- QA Check set to Ready for QA
- Feature Branch set to feature/7870-include_onionshare
#22 Updated by intrigeri 2017-01-11 12:14:04
- Status changed from In Progress to Fix committed
- % Done changed from 50 to 100
Applied in changeset commit:1a3c62b96edd337cacd6e6b6d2c9eed1951784a8.
#23 Updated by intrigeri 2017-01-11 12:16:29
- Assignee deleted (intrigeri)
- QA Check changed from Ready for QA to Pass
#24 Updated by anonym 2017-01-24 20:45:26
- Status changed from Fix committed to Resolved