
Bug #12460

Thunderbird doesn't use its dedicated SocksPort

Added by intrigeri 8 months ago. Updated 7 days ago.

Status: In Progress
Priority: Normal
Assignee:
Category: -
Target version:
Start date: 04/19/2017
Due date:
% Done: 50%
QA Check: Ready for QA
Feature Branch: bugfix/12460-drop-Thunderbird-SocksPort
Type of work: Code
Blueprint:
Starter:
Affected tool: Email Client

Description

While testing 3.0~beta4 (TorBirdy 0.2.1-1 + some custom patches in tails.git), anonym noticed that icedove uses port 9050 while it should use 9061. So apparently extensions.torbirdy.custom.network.proxy.socks_port is not honored anymore.

I suspect one part of config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch (the added call to org.torbirdy.prefs.setProxyTor()) causes this problem.


Related issues

Blocks Tails - Feature #13244: Core work 2017Q4: Foundations Team (Confirmed, 06/29/2017)

Associated revisions

Revision 23932128 (diff)
Added by intrigeri 7 days ago

Drop (broken) Thunderbird dedicated SocksPort (refs: #12460)

We use a dedicated SocksPort for the MUA as a trade-off: it gives poorer circuit
isolation than if we used the default SocksPort, but we were ready to compromise
on this in order to make POP-before-SMTP work. We've released Tails 3.0 with
this change 4 months ago and I've not heard about anyone being harmed by the
lack of POP-before-SMTP support, so let's give up on this one and get stronger
stream isolation in exchange.

History

#1 Updated by u 8 months ago

When testing this, I suggest that you not only test fetching emails but also to update GPG keys over the keyserver. I suspect a similar problem.

#2 Updated by intrigeri 8 months ago

u wrote:

> When testing this, I suggest that you not only test fetching emails but also to update GPG keys over the keyserver. I suspect a similar problem.

Good catch!

Sadly, I've got bad news. I don't think we'll be able to have GnuPG v2 use a different SOCKS port when run from Icedove than from the general case without doing a substantial amount of non-trivial work that risks breaking other stuff (e.g. smartcard support): I've solved the TorBirdy vs. GnuPG v2 situation by adding a TorBirdy pref that essentially says "don't try to torify GnuPG yourself, it's already torified and you don't know how to do it with v2 anyway", and enabling this pref in Tails. So there's a trade-off to be found between how much time we want to spend on this (again) and how strong the circuit isolation we provide is.

IMO it's acceptable that GnuPG always uses the same SOCKS port, regardless of who calls it, because we explicitly state that "Tails doesn't magically separate your different contextual identities" (the circuit isolation we do is best effort, without any guarantee).

#3 Updated by u 8 months ago

intrigeri wrote:

> > When testing this, I suggest that you not only test fetching emails but also to update GPG keys over the keyserver. I suspect a similar problem.
>
> Good catch!
>
> Sadly, I've got bad news. I don't think we'll be able to have GnuPG v2 use a different SOCKS port when run from Icedove than from the general case without doing a substantial amount of non-trivial work that risks breaking other stuff (e.g. smartcard support): I've solved the TorBirdy vs. GnuPG v2 situation by adding a TorBirdy pref that essentially says "don't try to torify GnuPG yourself, it's already torified and you don't know how to do it with v2 anyway", and enabling this pref in Tails. So there's a trade-off to be found between how much time we want to spend on this (again) and how strong the circuit isolation we provide is.

When you say you added this preference, I suppose you mean that you added it to the upstream code as specified here: https://blog.torproject.org/blog/torbirdy-022-released with links to open bugs?

#4 Updated by emmapeel 8 months ago

u wrote:

> When testing this, I suggest that you not only test fetching emails but also to update GPG keys over the keyserver. I suspect a similar problem.

Yeah I used to test while sending and receiving only, and it was always 9061 in previous versions.

#5 Updated by intrigeri 8 months ago

u wrote:

> When you say you added this preference, I suppose you mean that you added it to the upstream code as specified here: https://blog.torproject.org/blog/torbirdy-022-released

Yes, I did implement this pref upstream, and enabled it in Tails.

> with links to open bugs?

What links/bugs are you referring to?

#6 Updated by intrigeri 7 months ago

  • Target version changed from Tails_3.0~rc1 to Tails_3.1

We isolate the default SOCKS port based on IP and port anyway, so it's no big deal.

#7 Updated by intrigeri 6 months ago

#8 Updated by intrigeri 5 months ago

  • Subject changed from Icedove doesn't use its dedicated SocksPort to Thunderbird doesn't use its dedicated SocksPort

#9 Updated by intrigeri 5 months ago

  • Target version changed from Tails_3.1 to Tails_3.2

intrigeri wrote:

> We isolate the default SOCKS port based on IP and port anyway, so it's no big deal.

… and thus IMO it's lower priority than a number of other Foundations Team work such as #12705 and #12543. Adjusting Redmine metadata so it's sorted in a way that reflects this on my plate.

#10 Updated by intrigeri 3 months ago

  • Target version changed from Tails_3.2 to Tails_3.3

Reprioritized in favour of #14612.

#11 Updated by intrigeri 3 months ago

#12 Updated by intrigeri 3 months ago

#13 Updated by intrigeri about 1 month ago

  • Target version changed from Tails_3.3 to Tails_3.5

I had to take over some work so let's postpone this.

#14 Updated by intrigeri 7 days ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

According to https://tails.boum.org/contribute/design/stream_isolation/ we use a dedicated SocksPort for the MUA as a trade-off: it gives poorer circuit isolation than if we used the default SocksPort, but we were ready to compromise on this in order to make POP-before-SMTP work. We've released Tails 3.0 with this change 4 months ago and I've not heard about anyone being harmed by the lack of POP-before-SMTP support, so I'll simply drop the dedicated SocksPort and be done with it.
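The trade-off in the two comments above (the default SocksPort isolates streams by destination address and port; the dedicated MUA port did not, which is what made POP-before-SMTP work but gave weaker isolation) can be made concrete with a small model of Tor's per-SocksPort isolation rules. The following is an added example, not Tails or Tor code: the torrc fragment is constructed, the isolation flags and their defaults (IsolateClientAddr and IsolateSOCKSAuth on, IsolateDestAddr and IsolateDestPort off, streams from different SocksPorts never sharing a circuit) follow the tor manual, and the mail hostnames are placeholders.

```python
"""Model of Tor SocksPort stream isolation (added example, not Tails or Tor code).

Assumed: the tor manual's isolation semantics. Each SocksPort gets its own
circuits; within a port, streams share a circuit only when every enabled
Isolate* flag agrees. The torrc below is constructed for this example and
mirrors the layout the ticket describes: a destination-isolated default port
and a dedicated, non-isolated port for the mail client.
"""
from dataclasses import dataclass

SAMPLE_TORRC = """
# default port: isolate by destination host and port (constructed example)
SocksPort 127.0.0.1:9050 IsolateDestAddr IsolateDestPort
# dedicated MUA port without destination isolation (what the ticket drops)
SocksPort 127.0.0.1:9061
"""

# Tor's defaults per the manual: client-address and SOCKS-auth isolation on,
# destination isolation off unless requested on the SocksPort line.
DEFAULT_FLAGS = {
    "IsolateClientAddr": True,
    "IsolateSOCKSAuth": True,
    "IsolateClientProtocol": False,
    "IsolateDestAddr": False,
    "IsolateDestPort": False,
}


def parse_socks_ports(torrc: str) -> dict:
    """Return {port: flags} for every SocksPort line, applying defaults and
    honouring NoIsolate* negations. Other flags are ignored."""
    ports = {}
    for raw in torrc.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("SocksPort"):
            continue
        tokens = line.split()
        port = int(tokens[1].rsplit(":", 1)[-1])  # "addr:port" or bare "port"
        flags = dict(DEFAULT_FLAGS)
        for tok in tokens[2:]:
            if tok.startswith("NoIsolate"):
                flags["Isolate" + tok[len("NoIsolate"):]] = False
            elif tok.startswith("Isolate"):
                flags[tok] = True
        ports[port] = flags
    return ports


@dataclass(frozen=True)
class Stream:
    socks_port: int
    dest_host: str
    dest_port: int
    client_addr: str = "127.0.0.1"
    socks_auth: tuple = ()  # (user, password) if the client sent SOCKS auth


def isolation_key(stream: Stream, ports: dict) -> tuple:
    """Streams with equal keys may share a circuit. The listener port is
    always part of the key: Tor never shares circuits across SocksPorts."""
    flags = ports[stream.socks_port]
    key = [stream.socks_port]
    if flags["IsolateClientAddr"]:
        key.append(stream.client_addr)
    if flags["IsolateSOCKSAuth"]:
        key.append(stream.socks_auth)
    if flags["IsolateDestAddr"]:
        key.append(stream.dest_host)
    if flags["IsolateDestPort"]:
        key.append(stream.dest_port)
    return tuple(key)


def assign_circuits(streams, ports: dict) -> list:
    """Map streams (in arrival order) to circuit ids; equal keys share one."""
    circuits = {}
    return [circuits.setdefault(isolation_key(s, ports), len(circuits) + 1)
            for s in streams]


def pop_then_smtp_share_circuit(socks_port: int, ports: dict) -> bool:
    """POP-before-SMTP needs the SMTP connection to leave via the same circuit
    (same exit IP) as the POP login that preceded it. Hostnames are placeholders."""
    pop = Stream(socks_port, "pop.example.net", 110)
    smtp = Stream(socks_port, "smtp.example.net", 587)
    first, second = assign_circuits([pop, smtp], ports)
    return first == second


if __name__ == "__main__":
    ports = parse_socks_ports(SAMPLE_TORRC)
    for port in sorted(ports):
        print(port, "POP-before-SMTP works:", pop_then_smtp_share_circuit(port, ports))
```

Run as-is, the default port (9050) puts the POP and SMTP streams on different circuits, so POP-before-SMTP cannot work there, while the dedicated port (9061) puts every mail stream on one circuit, which is exactly the weaker isolation the ticket gives up the feature for. The model also shows the cheaper alternative Tor offers for per-account isolation on a shared port: distinct SOCKS credentials yield distinct keys under IsolateSOCKSAuth without touching the torrc.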

#15 Updated by intrigeri 7 days ago

  • Feature Branch set to bugfix/12460-drop-Thunderbird-SocksPort

#16 Updated by intrigeri 7 days ago

  • Assignee changed from intrigeri to anonym
  • Target version changed from Tails_3.5 to Tails_3.6
  • % Done changed from 10 to 50
  • QA Check set to Ready for QA

I could check email over IMAP, send over SMTP, and fetch a key from keyservers with Enigmail.

Assigning to anonym for QA with his Foundations Team hat (as per our new arrangement i.e. it's not the RM's job anymore).

If you feel comfortable taking this in a bugfix release, feel free to rebase on stable and merge it there.
