Dear Tor developers,
I met a problem when trying to use the snowflake-client binary extracted from TBB 8.0a8 with the system Tor.
Specifically, it seems snowflake-client cannot be run by the debian-tor user, regardless of the permissions it is given.
I am posting the full steps below. A better formatted version of it can be found here: http://forums.whonix.org/t/replacing-meek-snowflake/5190/18
Here is the original permission and ownership of snowflake-client:
user@host:~$ ls -l snowflake-client
-rwx------ 1 user user 14160744 Jun 4 06:17 snowflake-client
It can be executed by user user:
user@host:~$ sudo -u user ./snowflake-client
2018/06/04 06:18:21
--- Starting Snowflake Client ---
2018/06/04 06:18:21 No HTTP signaling detected. Using manual copy-paste signaling.
2018/06/04 06:18:21 Waiting for a "signal" pipe...
^C
We now change the permission to make it executable by user debian-tor:
user@host:~$ sudo chmod 777 snowflake-client
user@host:~$ sudo -u debian-tor ./snowflake-client
2018/06/04 06:18:43
Notice the permission denied:
--- Starting Snowflake Client ---
2018/06/04 06:18:43 No HTTP signaling detected. Using manual copy-paste signaling.
2018/06/04 06:18:43 Waiting for a "signal" pipe...
2018/06/04 06:18:43 open signal: permission denied
We now change its ownership to debian-tor:debian-tor:
user@host:~$ sudo chown debian-tor:debian-tor snowflake-client
user@host:~$ ls -l snowflake-client
-rwxrwxrwx 1 debian-tor debian-tor 14160744 Jun 4 06:17 snowflake-client
Still, permission denied:
user@host:~$ sudo -u debian-tor ./snowflake-client
2018/06/04 06:19:15
--- Starting Snowflake Client ---
2018/06/04 06:19:15 No HTTP signaling detected. Using manual copy-paste signaling.
2018/06/04 06:19:15 Waiting for a "signal" pipe...
2018/06/04 06:19:15 open signal: permission denied
However, when executing it by user, it works fine:
user@host:~$ sudo -u user ./snowflake-client
2018/06/04 06:19:22
--- Starting Snowflake Client ---
2018/06/04 06:19:22 No HTTP signaling detected. Using manual copy-paste signaling.
2018/06/04 06:19:22 Waiting for a "signal" pipe...
^C
I didn't find any special requirement for the user who runs snowflake-client from the documentation, so it would be extremely helpful and appreciated if you could share some insights on this problem. :)
Best Regards,
iry
On Jun 11, 2018, at 7:35 AM, iry iry@riseup.net wrote:
> Dear Tor developers,
> I met a problem when trying to use the snowflake-client binary extracted from TBB 8.0a8 with the system Tor.
> Specifically, it seems snowflake-client cannot be run by the debian-tor user, regardless of the permissions it is given.
> I am posting the full steps below. A better formatted version of it can be found here: http://forums.whonix.org/t/replacing-meek-snowflake/5190/18
> Here is the original permission and ownership of snowflake-client:
> user@host:~$ ls -l snowflake-client
> -rwx------ 1 user user 14160744 Jun 4 06:17 snowflake-client
> It can be executed by user user:
> user@host:~$ sudo -u user ./snowflake-client
> 2018/06/04 06:18:21
> --- Starting Snowflake Client ---
> 2018/06/04 06:18:21 No HTTP signaling detected. Using manual copy-paste signaling.
> 2018/06/04 06:18:21 Waiting for a "signal" pipe...
> ^C
> We now change the permission to make it executable by user debian-tor:
> user@host:~$ sudo chmod 777 snowflake-client
> user@host:~$ sudo -u debian-tor ./snowflake-client
> 2018/06/04 06:18:43
> Notice the permission denied:
> --- Starting Snowflake Client ---
> 2018/06/04 06:18:43 No HTTP signaling detected. Using manual copy-paste signaling.
> 2018/06/04 06:18:43 Waiting for a "signal" pipe...
> 2018/06/04 06:18:43 open signal: permission denied
> We now change its ownership to debian-tor:debian-tor:
> user@host:~$ sudo chown debian-tor:debian-tor snowflake-client
> user@host:~$ ls -l snowflake-client
> -rwxrwxrwx 1 debian-tor debian-tor 14160744 Jun 4 06:17 snowflake-client
> Still, permission denied:
> user@host:~$ sudo -u debian-tor ./snowflake-client
> 2018/06/04 06:19:15
> --- Starting Snowflake Client ---
> 2018/06/04 06:19:15 No HTTP signaling detected. Using manual copy-paste signaling.
> 2018/06/04 06:19:15 Waiting for a "signal" pipe...
> 2018/06/04 06:19:15 open signal: permission denied
> However, when executing it by user, it works fine:
> user@host:~$ sudo -u user ./snowflake-client
> 2018/06/04 06:19:22
> --- Starting Snowflake Client ---
> 2018/06/04 06:19:22 No HTTP signaling detected. Using manual copy-paste signaling.
> 2018/06/04 06:19:22 Waiting for a "signal" pipe...
> ^C
> I didn't find any special requirement for the user who runs snowflake-client from the documentation, so it would be extremely helpful and appreciated if you could share some insights on this problem. :)
When you launch the client binary without providing a broker url it tries to create a named pipe (mkfifo) to do signalling.
https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client...
Try providing a -url as in, https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client...
> Best Regards,
> iry
> _______________________________________________
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
On Mon, 11 Jun 2018 13:24:19 -0400 Arlo Breault arlo@torproject.org wrote:
> When you launch the client binary without providing a broker url it tries to create a named pipe (mkfifo) to do signalling.
> https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client...
The PT spec explicitly forbids this behavior, to avoid this problem.
https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt#n188
"TOR_PT_STATE_LOCATION"
  Specifies an absolute path to a directory where the PT is allowed to store state that will be persisted across invocations. The directory is not required to exist when the PT is launched, however PT implementations SHOULD be able to create it as required.
  PTs MUST only store files in the path provided, and MUST NOT create or modify files elsewhere on the system.
  Example:
    TOR_PT_STATE_LOCATION=/var/lib/tor/pt_state/
Regards,
On Mon, Jun 11, 2018 at 07:30:31PM +0000, Yawning Angel wrote:
> On Mon, 11 Jun 2018 13:24:19 -0400 Arlo Breault arlo@torproject.org wrote:
> > When you launch the client binary without providing a broker url it tries to create a named pipe (mkfifo) to do signalling.
> > https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client...
> The PT spec explicitly forbids this behavior, to avoid this problem.
It's just a vestige of some early debugging code, don't worry about it. Before we had the broker and everything, you had to manually copy and paste rendezvous messages.
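The TOR_PT_STATE_LOCATION rule quoted in this thread, applied in Go as an added example (it is not part of the thread and not Snowflake's code): a transport creates its FIFO under the directory tor hands it and refuses to start otherwise, so it never depends on the invoking user being able to write to the working directory. The helpers `stateFile` and `makeSignalPipe` are hypothetical names, the pipe name "signal" is taken from the log output above, and `syscall.Mkfifo` makes this Unix-only.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// stateFile (hypothetical helper) returns a path for name inside
// TOR_PT_STATE_LOCATION, creating the directory if it does not exist yet.
func stateFile(name string) (string, error) {
	dir := os.Getenv("TOR_PT_STATE_LOCATION")
	if !filepath.IsAbs(dir) { // also rejects an unset or empty variable
		return "", errors.New("TOR_PT_STATE_LOCATION must be an absolute path")
	}
	// Only a plain file name is accepted, so "../signal" cannot leave the directory.
	if name == "" || name == "." || name == ".." || strings.ContainsRune(name, filepath.Separator) {
		return "", fmt.Errorf("%q is not a plain file name", name)
	}
	dir = filepath.Clean(dir)
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", err
	}
	return filepath.Join(dir, name), nil
}

// makeSignalPipe (hypothetical helper) creates the FIFO in the state directory, never in the cwd.
func makeSignalPipe() (string, error) {
	p, err := stateFile("signal")
	if err != nil {
		return "", err
	}
	if err := syscall.Mkfifo(p, 0o600); err != nil && !errors.Is(err, syscall.EEXIST) {
		return "", err
	}
	return p, nil
}

func main() {
	p, err := makeSignalPipe()
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		os.Exit(1)
	}
	fmt.Println("signal pipe at", p)
}
```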