On Jun 11, 2018, at 7:35 AM, iry iry@riseup.net wrote:
Dear Tor developers,
I met a problem when trying to use the snowflake-client binary extracted from TBB 8.0a8 with the system Tor.
Specifically, it seems snowflake-client cannot be run by debian-tor user, regardless of the permissions it is given.
I am posting the full steps below. A better formatted version of it can be found here: http://forums.whonix.org/t/replacing-meek-snowflake/5190/18
Here is the original permission and ownership of snowflake-client:
user@host:~$ ls -l snowflake-client -rwx------ 1 user user 14160744 Jun 4 06:17 snowflake-client
It can be executed by user user:
user@host:~$ sudo -u user ./snowflake-client 2018/06/04 06:18:21
--- Starting Snowflake Client --- 2018/06/04 06:18:21 No HTTP signaling detected. Using manual copy-paste signaling. 2018/06/04 06:18:21 Waiting for a "signal" pipe... ^C
We now change the permission to let it executable by user debian-tor:
user@host:~$ sudo chmod 777 snowflake-client
user@host:~$ sudo -u debian-tor ./snowflake-client 2018/06/04 06:18:43
Noticed the permission denied:
--- Starting Snowflake Client --- 2018/06/04 06:18:43 No HTTP signaling detected. Using manual copy-paste signaling. 2018/06/04 06:18:43 Waiting for a "signal" pipe... 2018/06/04 06:18:43 open signal: permission denied
We now change its ownership to debian-tor:debian-tor:
user@host:~$ sudo chown debian-tor:debian-tor snowflake-client user@host:~$ ls -l snowflake-client -rwxrwxrwx 1 debian-tor debian-tor 14160744 Jun 4 06:17 snowflake-client
Still, permission denied:
user@host:~$ sudo -u debian-tor ./snowflake-client 2018/06/04 06:19:15
--- Starting Snowflake Client --- 2018/06/04 06:19:15 No HTTP signaling detected. Using manual copy-paste signaling. 2018/06/04 06:19:15 Waiting for a "signal" pipe... 2018/06/04 06:19:15 open signal: permission denied
However, when executing it by user, it works fine:
user@host:~$ sudo -u user ./snowflake-client 2018/06/04 06:19:22
--- Starting Snowflake Client --- 2018/06/04 06:19:22 No HTTP signaling detected. Using manual copy-paste signaling. 2018/06/04 06:19:22 Waiting for a "signal" pipe... ^C
I didn't find any special requirement for the user who runs snowflake-client from the documentation, so it would be extremely helpful and appreciated if you could share some insights on this problem. :)
When you launch the client binary without providing a broker url it tries to create a named pipe (mkfifo) to do signalling.
https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client...
Try providing a -url as in, https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client...
Best Regards, iry _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev