[Pkg-anonymity-tools] OnionShare 0.7 released

Micah Lee micah at micahflee.com
Tue May 19 18:48:13 UTC 2015


On 05/19/2015 09:04 AM, intrigeri wrote:
> FYI, the tor package has been shipping an AppArmor profile for years
> in Debian and Ubuntu as well. Do Tails-specific modifications to that
> AppArmor profile trigger the need for a specific behaviour when
> OnionShare is running on Tails, or should that behaviour instead be
> used wherever Tor is confined?

At the moment, OnionShare needs to be running as the same user as
the tor process. This is because after it starts a hidden service, tor
creates the hidden service directory with the private key and hostname
files only readable by its user, but OnionShare needs to read the
hostname in order to display the URL to share.

It looks like tor 0.2.7.1-alpha might have included new features that
can solve this problem [1] but I haven't actually tried it yet.

But in any case, because of this limitation OnionShare requires Tor
Browser to be running in the background and doesn't support a system
tor. But in the case of Tails, it needs to support a system tor. So when
onionshare is ready to start a hidden service, and it detects that it's
running in Tails, it spawns a new root process that takes care of
accessing the control port and reading the hostname file. So in this
way, it is Tails specific, because Tails users are the only ones that
use OnionShare with a system tor.

However, the tor service that comes with Tor Browser is also
AppArmor-confined in Tor Browser Launcher, and it occurs to me that that
profile doesn't have permission to write to where OnionShare wants it to
write to, which is just the output of tempfile.mkdtemp() [2]. I just
opened new issues for this in Tor Browser Launcher [3] and in OnionShare
[4].

[1] https://github.com/micahflee/onionshare/issues/178
[2] https://github.com/micahflee/onionshare/blob/master/onionshare/onionshare.py#L134
[3] https://github.com/micahflee/torbrowser-launcher/issues/182
[4] https://github.com/micahflee/onionshare/issues/185

-- 
Micah Lee
OpenPGP: 0B1491929806596254700155FD720AD9EBA34B1C
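
The permission problem described in the message above, as an added example that is not part of the original e-mail or OnionShare's code: a mode-bit check showing why only the owning user can read `hostname` inside a directory created by `tempfile.mkdtemp()`. The function names and the hostname value are hypothetical, the current user stands in for tor's user, and ACLs, capabilities, root and parent-directory permissions are ignored.

```python
import os
import stat
import tempfile


def may_access(st, uid, gids, want):
    """Classic Unix mode-bit check for a non-root user.
    want is a bitmask: 4 = read, 2 = write, 1 = execute/search."""
    if uid == st.st_uid:
        bits = (st.st_mode >> 6) & 7      # owner class
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7      # group class
    else:
        bits = st.st_mode & 7             # everyone else
    return bits & want == want


def can_read_hostname(hs_dir, uid, gids):
    """True if uid could read <hs_dir>/hostname: this needs search (x)
    permission on the directory and read permission on the file."""
    dir_st = os.stat(hs_dir)
    file_st = os.stat(os.path.join(hs_dir, "hostname"))
    return may_access(dir_st, uid, gids, 1) and may_access(file_st, uid, gids, 4)


def build_sample_hs_dir():
    """Constructed stand-in for a hidden service directory: owned by one
    user, directory mode 0700, hostname file mode 0600."""
    hs_dir = tempfile.mkdtemp()           # mkdtemp always creates mode 0700
    path = os.path.join(hs_dir, "hostname")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write("placeholder-hostname.onion\n")   # constructed value
    return hs_dir


if __name__ == "__main__":
    hs_dir = build_sample_hs_dir()
    owner = os.getuid()
    other = owner + 1                     # hypothetical second user, no shared groups
    print("dir mode:", oct(stat.S_IMODE(os.stat(hs_dir).st_mode)))
    print("owner can read hostname:", can_read_hostname(hs_dir, owner, os.getgroups()))
    print("other user can read hostname:", can_read_hostname(hs_dir, other, []))
```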



