Page MenuHomePhabricator

TBB's use of SocksSocket will break Whonix's Tor Browser implementation
Closed, ResolvedPublic



Tor Browser developers plan changes that would break Whonix's Tor over Tor prevention. Changes, that would make it hard for manually downloaded, unmodified TBB tarballs to work in Whonix out of the box while preventing Tor over Tor.


The current implementation of anon-ws-disable-stacked-tor using rinetd (design documentation, see footnote) will not work forever.

Tor implemented [SocksSocket]( option (unix domain sockets) version Tor Browser will start using . (Reference)

To make things worse, currently the environment variables TOR_SOCKS_HOST and TOR_SOCKS_PORT are broken. (upstream bug report)

Related Upstream Bug:

torrc's SocksSocket breaks tor-service-defaults-torrc's SocksPort


We might be able to solve this using socat. Because socat is apparently able to man-in-the-middle unix domain sockets. By using something like this (untested). (source)

sudo mv /path/to/sock /path/to/sock.original
sudo socat -t100 -x -v UNIX-LISTEN:/path/to/sock,mode=777,reuseaddr,fork UNIX-CONNECT:/path/to/sock.original

We might be able to redirect that unix domain socket to Whonix-Gateway.

Either directly to Whonix-Gateway (if we want to abolish rinetd).

sudo socat -t100 -x -v UNIX-LISTEN:/path/to/sock,mode=777,reuseaddr,fork TCP4:

Or to existing rinetd to keep things simpler for custom gateway IP's and Qubes.

sudo socat -t100 -x -v UNIX-LISTEN:/path/to/sock,mode=777,reuseaddr,fork TCP4:

Timing the renaming of TBB's unix domain socket file so we can intercept and redirect it seems difficult and error prone. Therefore it would be best if TBB supported an environment variable to connect to existing unix domain socket files. -> upstream feature request

Dev Test Toolbox:

For installation of Tor that comes with the SocksSocket option. /etc/apt/sources.list.d/torproject.list

deb tor-experimental-0.2.6.x-wheezy main

/etc/apparmor.d/local/system_tor AppArmor permission.

/{,var/}run/tor/socket rw,


SocksSocketsGroupWritable 1
SocksPort unix:/var/run/tor/socket

Test if the socket can be talked to.

socat - UNIX-CONNECT:/var/run/tor/socket

Create unix domain socket file /home/user/test.socket and forward to /var/run/tor/socket as proof of concept.

sudo socat -t100 -x -v UNIX-LISTEN:/home/user/test.socket,mode=777,reuseaddr,fork UNIX-CONNECT:/var/run/tor/socket

Test if the socket can be talked to.

socat - UNIX-CONNECT:./test.socket

Proof of concept is functional.

Forum user support thread:



Event Timeline

Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick set Impact to Needs Triage.
Patrick changed Impact from Needs Triage to High.Aug 20 2015, 3:28 AM
Try to cope up with planned changes by the Tor Browser Bundle (TBB) developers. Try keeping Tor Browser being able to connect while preventing Tor over Tor.
The Tor Project (TPO) plans ( ) to modify TBB to use unix domain sockets (Tor SocksSocket option) instead of TCP to talk to Tor.
To make things worse, currently the environment variables TOR_SOCKS_HOST and TOR_SOCKS_PORT are broken. ( upstream bug report: )
Therefore creating unix domain sockets using socat in folder /var/run/anon-ws-disable-stacked-tor that are forwarded rinetd on localhost which forwards them to the gateway.
(Not directly forwarding those to the gateway to make the Qubes implementation simpler. This way no IP replacement is required.)
Optimistically setting environment variables to configure TBB in hope that those are later implemented by TPO.
export TOR_PRE_EXIST_UNIX_SOCKET_SOCKS="/var/run/anon-ws-disable-stacked-tor/"
export TOR_PRE_EXIST_UNIX_SOCKET_CONTROL="/var/run/anon-ws-disable-stacked-tor/"
As long it is ignored, there is no harm.
And once Tor Browser supports it, chances are better that it is still able to make connections See also:

Nothing else can be done here before The Tor Project proceeds.

Other crazy approaches:

  • a) ld preload magic
  • b) search and replace Tor binary

How is Tor started in TBB? If it is possible to disable it (I hope so), there should be no race condition with it. When user start TBB, the socket should be already there, and wont be overwritten because Tor is disabled. Right?

marmarek (Marek Marczykowski-Górecki):

How is Tor started in TBB?

In a nutshell:

  1. Tor Browser (which is a Firefox with patches by TPO) starts with its

main window hidden by default.

  1. Tor Launcher (which is a Firefox addon) provides the connection

wizard window.

  1. Then Tor Launcher starts Tor and allows Tor Browser to open its main


  1. Then Tor Browser uses 9150 (Socks) / 9151 (Control).
  1. In Whonix-Workstation we redirect these local ports to the



If it is possible to disable it (I hope

We are already disabling the bundled Tor that comes with Tor Browser.

( )

there should be no race condition with it.

No race condition indeed.

When user start TBB,
the socket should be already there,

Yes, Tor Browser would require the socket to be already existing.

and wont be overwritten because
Tor is disabled. Right?


Now the problem is, when they implement this, they might expect the
socket to be existing in
~/.tb/tor-browser/Browser/TorBrowser/Data/Tor/. Writing into the home
folder is troublesome. And in past they changed the folder structure
quite often so things could break.

To keep things stable connected, I requested the following environment


At the moment I can only wait what TPO says / does next.

In latest torbutton version there already is environment variable TOR_CONTROL_SOCKET.

There will be another one for the path to socks socket file. Asked what path that will be.

Patrick changed the task status from Open to Review.Oct 13 2016, 1:57 AM

The variable names ended up being:


Happy to report that Whonix 14 with Tor Browser 6.5a4-hardened unix domain socket files redirection works for me.

Patrick claimed this task.