No Tor in a Tor window

[tildelowengrimm]

Version 0.61.22 Chromium: 72.0.3626.81 (Official Build) dev (64-bit) on MacOS.

[kjozwiak]

Possibly related to #3058? With my personal dev profile running 0.61.22 Chromium: 72.0.3626.81, I went through the following:

• opened a Tor window and loaded https://check.torproject.org - Couldn't reproduce

Seems to be working for me. I also tried it with a brand new profile several times and couldn't reproduce. @btlechowski did mention that there's a race condition with Tor where sometimes you can get into a situation where you load a website too fast before Tor can initialize, which will leave you in a state where Tor isn't being used.

[riastradh-brave]

This seems to happen if the extension directory for the tor component (which is where the tor daemon executable lives) is nonwritable. This is a very weird state of affairs, but investigating why that happens under these circumstances, because even if it's a weird circumstance it shouldn't cause this.

[riastradh-brave]

Here's a hypothesis about how this might happen and how to fix it. Waiting for a build to confirm this and test a fix.

Diagnosis

1. BraveExtensionManagement::RegisterBraveExtensions() calls g_brave_browser_process->tor_client_updater()->Register(), to create a TorClientUpdater if necessary and register the extension.

   Initially, a BraveTorClientUpdater has an empty executable_path_. [1], [2]

2. BraveTorClientUpdater::Register() calls BraveComponentExtension::Register(kTorClientComponentName, ...) to load the extension.

3. Once the extension is loaded, presumably BraveTorClientUpdater::OnComponentReady is supposed to be called -- unless something goes wrong, in which case it isn't called.

   For example, making the extension directory nonwritable makes the component updater fail:

   [32176:32203:0214/000824.758570:ERROR:component_installer.cc(327)] Failed to read manifest or verify installation for Brave Tor Client Updater (Linux) (/tmp/user/1000/lose/biahpgbdmdkfgndcmfiipgcebobojjkp/1.0.4).: Permission denied (13)
   

4. BraveTorClientUpdater::OnComponentReady finds an appropriate executable file and sets executable_path_ to its path -- unless it can't find one, in which case it leaves executable_path_ empty.

   For example, chmod -x tor-0.3.4.9-linux-brave-0 && chown nobody tor-0.3.4.9-linux-brave-0 will make it fail:

   [10989:11003:0214/033329.365733:ERROR:brave_tor_client_updater.cc(70)] Failed to set executable permission on /tmp/user/1000/lose/biahpgbdmdkfgndcmfiipgcebobojjkp/1.0.4/tor-0.3.4.9-linux-brave-0
   

5. When you open a window with Tor, Brave calls BraveProfileManager::LaunchTorProcess(profile) to launch the tor daemon and set up the proxy config, using the executable path from g_brave_browser_process->tor_client_updater()->GetExecutablePath(), which may be empty if anything went wrong as in the bold print above.

6. When you make a connection in a Tor profile, OnBeforeURLRequest_TorWork calls TorProfileService::SetProxy to set up the proxy config for making the connection through the SOCKS proxy to the tor daemon.

7. TorProfileService::SetProxy has no effect if the tor config is 'empty'.

8. A tor config with an empty executable path is considered 'empty'.

Remedies

• Find some way to block connections altogether in if the tor config is not initialized. It looks like OnBeforeURLRequest_TorWork can return an error code -- perhaps we can just have TorProfileService::SetProxy return an error code rather than nothing.
• Find some way to noisily report failure if the component is not ready yet so that we can more easily diagnose the problem that Tom had of weird permissions on the directory.

Will propose a patch tomorrow if nobody else has beaten me to it.

cc @darkdh @bridiver

[btlechowski]

Verification passed on

Brave	0.61.39 Chromium: 73.0.3683.39 (Official Build) beta (64-bit)
Revision	cc53b0e12fcaf42e4bab8d6c23bd4fb7aae99f6c-refs/branch-heads/3683@{#413}
OS	Windows 7 Service Pack 1 Build 7601.24312

Used test plan from brave/brave-core#1679
Verified that tor executable is not launched.
Verified that error is shown when attempt is made to open a page.

Verification PASSED on macOS 10.14.3 x64 using the following build:

Brave	0.61.45 Chromium: 73.0.3683.39 (Official Build) beta(64-bit)
Revision	cc53b0e12fcaf42e4bab8d6c23bd4fb7aae99f6c-refs/branch-heads/3683@{#413}
OS	Mac OS X

• went through the the test plan outlined under Block URL requests in Tor windows if Tor is not set up right. brave-core#1679
• went through the STR outlined under Tor not working just after clean install #3058
• @LaurenWags went through the Tor manual passes under Manual test run on OS X for 0.61.x - Beta #3542

Verification passed on

Brave	0.61.46 Chromium: 73.0.3683.39 (Official Build) beta (64-bit)
Revision	cc53b0e12fcaf42e4bab8d6c23bd4fb7aae99f6c-refs/branch-heads/3683@{#413}
OS	Linux

• Verified tor binary is not launchable
• Verified error page is shown when visiting check.torproject.org