socks5 port exposed to network on Chrome OS #2248

Closed
Cnly opened this issue Jun 22, 2019 · 4 comments

Comments

@Cnly
commented Jun 22, 2019

Describe the bug
The commit f799649 hard-coded the app to bind 0.0.0.0 on Chrome OS and it stated it was safe at that time. However, this doesn't seem true anymore because the port exposed is now accessible from other machines in the network.

Chrome OS version used for testing: Version 76.0.3809.20 (Official Build) dev (64-bit)

To Reproduce
Enable the proxy with any profile and confirm the SOCKS5 proxy port set in the settings page is accessible from another machine in the same network.

Expected behavior
I'd expect a switch that allows the user to decide whether to share their connection. I found there seems to be the option Key.shareOverLan, but I didn't find a way to modify its value.

Screenshots
Not applicable

Smartphone (please complete the following information):

  • Chrome OS Version 76.0.3809.20 (Official Build) dev (64-bit)
  • Version: 4.8.0 (from Play Store)
  • Last version that did not exhibit the issue: Presumably the version before f799649.

Configuration
Put an x inside the [ ] that applies.

  • IPv4 server address
  • IPv6 server address
  • Client IPv4 availability
  • Client IPv6 availability
  • Encrypt method:
  • Route
    • All
    • Bypass LAN
    • Bypass China
    • Bypass LAN & China
    • GFW List
    • China List
    • Custom rules
  • IPv6 route
  • Apps VPN mode
    • Bypass mode
  • Remote DNS: 8.8.8.8
  • DNS over UDP
  • Plugin configuration (if applicable):
  • Auto Connect
  • TCP Fast Open
@Mygod

Contributor

commented Jun 22, 2019

I cannot reproduce this. What is your Platform as in chrome://version? Mine is 11895.118.0 (Official Build) stable-channel kevin (74 stable channel). Was it working properly before?

I have enabled ADB over network and ran nmap <LAN IP> -p 22,1080,5555 -Pn and got the results:

PORT     STATE    SERVICE
22/tcp   open     ssh
1080/tcp filtered socks
5555/tcp filtered freeciv

Nmap done: 1 IP address (1 host up) scanned in 1.23 seconds
@Cnly

Author

commented Jun 22, 2019

Thanks for the quick reply. My platform is 12239.8.0 (Official Build) dev-channel rammus with developer mode disabled, and I didn't test for this when I was on stable. :(

I noticed there's an Enable ARC VPN integration option in chrome://flags, but the port is still open whether it's enabled or disabled.

I've set the port number in settings to 54321 instead of 1080 so it's distinguished from other possible apps, and with nmap <LAN IP> -p 54321,1080 I got:

PORT      STATE  SERVICE
1080/tcp  closed socks
54321/tcp open   unknown

when Shadowsocks is enabled.

@Mygod

Contributor

commented Jun 22, 2019

Okay I think I managed to reproduce this with proxy only mode. Can you try if the following command in crosh fixes this?

sudo iptables -t nat -I try_arc -j RETURN

P.S. To revert the effect, reboot or execute sudo iptables -t nat -D try_arc -j RETURN.

@Mygod Mygod removed the cannot reproduce label Jun 22, 2019
@Cnly

Author

commented Jun 22, 2019

I think I won't be able to get sudo (or even a normal shell) without putting the device into developer mode... which I try not to. But if it's definitely needed then I may be able to do it when I have more time. Sorry about that, but are there any other ways to help confirm the problem?

Also I tested again and I can reproduce this in both VPN and proxy only mode.

@Mygod Mygod added the bug label Jun 22, 2019
@Mygod Mygod closed this in 1cc1248 Jun 23, 2019
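
Added example, not part of the thread or the project's code: a local audit that tells a wildcard bind (0.0.0.0) from a loopback-only bind for a given port by parsing the Linux /proc/net/tcp socket table, which complements the external nmap check used above. It assumes a little-endian Linux host; the sample table is constructed, reusing port 54321 from the report, and the same decoding also covers /proc/net/tcp6 addresses.

```python
import ipaddress

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:D431 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 40001
   1: 0100007F:0438 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 40002
   2: 0A00A8C0:D431 1400A8C0:C350 01 00000000:00000000 00:00000000 00000000 10123        0 40003
"""


def decode_addr(hex_addr):
    """Decode the kernel's hex address (32-bit words in little-endian host order)."""
    raw = bytes.fromhex(hex_addr)
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return ipaddress.ip_address(b"".join(words))


def listeners(table):
    """Yield (address, port) for every socket in LISTEN state."""
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        yield decode_addr(hex_addr), int(hex_port, 16)


def exposed(table, port):
    """Return bind addresses for `port` that other hosts could reach."""
    return [str(a) for a, p in listeners(table)
            if p == port and not a.is_loopback]


if __name__ == "__main__":
    # On a real host, read the table with open("/proc/net/tcp").read() instead.
    for port in (54321, 1080):
        hits = exposed(SAMPLE, port)
        print(port, "exposed on " + ", ".join(hits) if hits else "loopback only or closed")
```

A wildcard bind only shows that the socket accepts connections on every interface; whether another machine can actually connect still depends on host firewall rules, which is why the two nmap results in the thread differ.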