[Pkg-anonymity-tools] Bug#762890: Bug#762890: Proposal for next release
intrigeri
intrigeri at debian.org
Mon Sep 29 12:29:48 UTC 2014
Hi,

u wrote (29 Sep 2014 08:56:52 GMT) :
> so if i get that right, for the next version of onionshare, which is
> out, and which i shall package in the forthcoming days, i will put the
> package into contrib and make torbrowser-launcher a dependency.

I think that it's the best we can do in time for Jessie.

> Then, for a next version which may rely on a system Tor, we can remodify
> this setting, get the package back to main and make tor instead a
> dependency and torbrowser-launcher a suggestion.

This could be an option, but then the steps to use onionshare will
need to include "adduser $MYUSER debian-tor", as the Vidalia package
proposes to do via debconf. Of course, this grants a lot more
privileges to $MYUSER than what onionshare actually needs, which is in
itself a security problem (as in: any remotely triggerable security
issue in onionshare may result in de-anonymization).

I've discussed this with Micah Lee, and our current conclusion was
that the part of onionshare that needs to 1. interact with the
Control{Port,Socket}; and 2. have read access to the hidden services
directories, should be migrated to a separate, privileged helper, that
would offer a minimal interface to onionshare. This would allow
granting desktop users access to just the Tor control operations they
need. This helper could e.g. be started by D-Bus activation, so that
it doesn't run continuously, and there's no need to integrate it into
the various init systems that are (still) around in the GNU/Linux
world these days... and there's no need to invent yet another IPC
protocol. Granting access to this privileged helper would still need
some manual operation by the local system administrator, though.
It might be that polkit could help a bit.

This refactoring would also help a lot integrating onionshare properly
into Tails and Whonix (how this can be combined with their filtering
Tor control protocol proxies is left to be thought).

Cheers,
--
intrigeri
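
The "minimal interface" idea from the message above, sketched as an added example that is not part of the original email and is not onionshare or Tor Project code. The operation names, the request shape, the port range and the `HS_DIR` path are assumptions made for illustration; the D-Bus transport is left out so that only the request validation is shown.

```python
# Added example: request validation for a hypothetical privileged Tor helper.
# Operation names, request shape and HS_DIR are assumptions, not onionshare code.

HS_DIR = "/var/lib/tor/onionshare-example"   # placeholder path owned by the helper
VIRTUAL_PORT = 80                            # fixed by the helper, not the client


class Rejected(Exception):
    """The request is outside the helper's minimal interface."""


def plan(request):
    """Map one client request to the single privileged action it permits.

    Returns ("control", line) for a Tor control-protocol command, or
    ("read", path) for a file the helper reads on the client's behalf.
    The client never supplies control-protocol text, option names or paths.
    """
    if not isinstance(request, dict):
        raise Rejected("request must be a mapping")
    op = request.get("op")
    if op == "publish":
        if set(request) != {"op", "local_port"}:
            raise Rejected("publish takes exactly one argument: local_port")
        port = request["local_port"]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if type(port) is not int or not 1024 <= port <= 65535:
            raise Rejected("local_port must be an unprivileged TCP port")
        # Built only from constants and a range-checked integer, so no
        # client-controlled bytes (spaces, quotes, CRLF) reach the control port.
        # A real helper would also have to preserve hidden services that are
        # already configured in Tor; that is out of scope here.
        return ("control",
                f'SETCONF HiddenServiceDir={HS_DIR} '
                f'HiddenServicePort="{VIRTUAL_PORT} 127.0.0.1:{port}"')
    if op == "hostname":
        if set(request) != {"op"}:
            raise Rejected("hostname takes no arguments")
        # Only the public .onion name is exposed; the private key that sits
        # next to it in the same directory is never readable through this API.
        return ("read", f"{HS_DIR}/hostname")
    raise Rejected("operation not allowed")
```

Compared with adding the user to `debian-tor`, a caller of this interface can neither issue arbitrary control commands nor read anything in the hidden service directory except the hostname file.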