[tor-bugs] #17980 [Torsocks]: Torify/Torsocks - Possible bug with OSX's default curl binary
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jan 3 02:24:35 UTC 2016
#17980: Torify/Torsocks - Possible bug with OSX's default curl binary
--------------------------+---------------------------------
Reporter: z0xcd | Owner: dgoulet
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Torsocks | Version: Tor: 0.2.7.6
Severity: Normal | Keywords: torsocks,torify,osx
Actual Points: | Parent ID:
Points: | Sponsor:
--------------------------+---------------------------------
OSX default curl binary is not being torified when using ''torify'' or
''torsocks''. Using: {{{ curl --proxy
socks5h://curl:curl@127.0.0.1:9050/}}} works fine, however, running {{{
torify/torsocks curl <url> }}} does not work.
Example:
{{{ $ torify curl ifconfig.co/all.json # returns original IP }}}
{{{ $ curl --proxy socks5h://curl:curl@127.0.0.1:9050/
ifconfig.co/all.json # returns the expected output }}}
{{{ $ torify curl https://check.torproject.org/ | grep -i congratulations
# returns nothing}}}
Torify does work on the Homebrew's curl version with the torify command,
but it does not work when running a torify --shell (nor does the default
OSX's curl):
{{{
$ torify --shell
/usr/local/bin/torsocks: New torified shell coming right up...
$ /usr/local/opt/curl/bin/curl ifconfig.co/all.json # returns my real IP
$ /usr/bin/curl ifconfig.co/all.json # returns my real IP
$ wget ifconfig.co/all.json # returns my real IP too (using homebrew's
wget version 1.17.1)
}}}
OSX default curl:
{{{
$ curl --version
curl 7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport
zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB
SSL libz UnixSockets
}}}
Homebrew's curl version:
{{{
$ /usr/local/opt/curl/bin/curl --version
curl 7.46.0 (x86_64-apple-darwin15.0.0) libcurl/7.46.0 SecureTransport
zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
pop3s rtsp smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets
}}}
Apple makes this difficult to debug and find out why, due it's Security
Integrity Protection (executables signed with restricted entitlements), so
I copied OSX's default curl binary to /tmp, ran [1] then I was able to run
btruss on the default curl, however I wasn't able run torify with btruss ,
since [1] didn't work, btruss output didn't have anything interesting as
far as I know.
Attachments: with-torify.txt for the output of {{{sudo torify dtruss
./curl ifconfig.co/all.json}}} and no-torify.txt for {{{sudo dtruss ./curl
ifconfig.co/all.json}}}
I am willing to help debug this if needed, but I would like some help to
make this easier, since disabling OSX's System Integrity Protection is not
a good idea, and apparently code-signing didn't work with me.
[1] {{{ codesign -f -s `whoami` curl }}}
'''OSX version: 10.11.2 (15C50)
Torsocks version: Torsocks 2.1.0
Tor version: 0.2.7.6
'''
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17980>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list