Yesterday I wrote about Tor on Firefox OS. Further testing showed an issue when switching networks - a common thing to happen when carrying a mobile device. The
iptables rule I was using didn’t exclude the
tor process itself from having traffic redirected. When a network switch occurred
tor would attempt to reestablish connections and this would fail.
A fix for this is to exclude
tor from the
iptables rules or to use rules for specific processes only. The processes that belong to an Firefox OS application be be viewed with
APPLICATION SEC USER PID PPID VSIZE RSS NAME b2g 0 root 181 1 494584 135544 /system/b2g/b2g (Nuwa) 0 root 830 181 55052 20420 /system/b2g/plugin-container Built-in Keyboa 2 u0_a912 912 830 67660 26048 /system/b2g/plugin-container Vertical 2 u0_a1088 1088 830 103336 34428 /system/b2g/plugin-container Usage 2 u0_a4478 4478 830 65544 23584 /system/b2g/plugin-container Browser 2 u0_a26328 26328 830 75680 21164 /system/b2g/plugin-container Settings 2 u0_a27897 27897 830 79840 28044 /system/b2g/plugin-container (Preallocated a 2 u0_a28176 28176 830 62316 18556 /system/b2g/plugin-container
iptables that ships with Firefox OS doesn’t seem to support the
--pid-owner option for rule selection so I can’t select specifically the
tor or application processes. I can however select based on
group. Each application gets their own
user so the option to redirect traffic for applications can use that. I wasn’t able to get this working reliably though so I switched to targeting the
tor process itself.
In my writeup I ran
tor as root. I need to run as a different user so that I can use
iptables. Firefox OS inherits the Android method of users and groups where specific users are hardcoded into the system. Since this is a proof of concept and I want to get things working quickly I decided to pick an existing user,
system, and run
tor as that. By setting the
User option in the Tor configuration file I can have Tor switch to that user at run time. Nothing is ever that easy though as user does not have permission to do the many things that
tor requires. It can’t create sockets for example.
Enter Linux capabilities. It is possible to grant a process certain capabilities which give it the right to perform priviledged actions without being a superuser. There is an existing Tor trac ticket about this and I used the sample code in that ticket to modify
tor to keep the required capabilities when it switches user, I put the code I cobbled together to patch
tor in tor.patch.
To use this change the
Building tor section of my original post to use these commands:
$ cd $HOME/build $ wget https://www.torproject.org/dist/tor-0.2.4.22.tar.gz $ cd tor-0.2.4.22 $ curl http://bluishcoder.co.nz/b2g/tor.patch | patch -p1 $ ./configure --host=arm-linux-androideabi \ --prefix=$HOME/build/install \ --enable-static-libevent $ make $ make install
Change the Tor configuration file to switch the user to
system in the
Packaging Tor for the device section:
DataDirectory /data/local/tor/tmp SOCKSPort 127.0.0.1:9050 IsolateDestAddr SOCKSPort 127.0.0.1:9063 RunAsDaemon 1 Log notice file /data/local/tor/tmp/tor.log VirtualAddrNetwork 10.192.0.0/10 AutomapHostsOnResolve 1 TransPort 9040 DNSPort 9053 User system
I’ve also changed the location of the data files to be in a
tmp directory which needs to be given the
system user owner. Change the steps in
Running tor to:
$ adb shell # cd /data/local/tor # mkdir tmp # chown system:system tmp # ./tor -f torrc & # iptables -t nat -A OUTPUT ! -o lo -m owner ! --uid-owner system \ -p udp --dport 53 -j REDIRECT --to-ports 9053 # iptables -t nat -A OUTPUT ! -o lo \ -m owner ! --uid-owner system \ -p tcp -j REDIRECT --to-ports 9040
Now tor should work in the presence of network switching. I’ve updated the b2g_tor.tar.gz to include the new
tor binary, the updated configuration file, and a couple of shell scripts that will run the
iptables commands to redirect traffic to
tor and to cancel the redirection.
As before the standard disclaimer applies:
All files and modifications described and provided here are at your own risk. This is a proof of concept. Don’t tinker on devices you depend on and don’t want to risk losing data. These changes are not an official Mozilla project and do not represent any future plans for Mozilla projects.
This is probably as far as I’ll take things for now with this proof of concept and see what happens from here after using it for a while.