On 09/26/2014 12:06 AM, Paul Wise wrote: > OnionShare should use the default control settings for the Debian tor:
Unfortunately OnionShare doesn't work with the system tor without changing a bunch of stuff around, due to limitations in tor. Instead it's recommended that you install Tor Browser Bundle (perhaps using the torbrowser-launcher Debian package) and run it before running OnionShare. When you connect to the control port, you start a hidden service by setting the values HiddenServiceDir and HiddenServicePort. The control port doesn't respond with the .onion address, which is an important thing to know. The only way to learn that is to look in HiddenServiceDir for a file called "hostname" and read its contents. If you're using a system tor, that file is only readable by the debian-tor user, which means an unprivileged user can't learn the .onion address. Also (at least I believe) in the default Debian torrc file the control port isn't enabled. So users would have to edit their torrc before being able to use OnionShare. If the user has Tor Browser open, it will be running its own separate Tor process as the current user. So when it writes a hostname file to HiddenServiceDir, that file is readable by the current user. One potential option to help this problem would be to make tor a dependency of onionshare, and have OnionShare launch its own tor process (independent of the system tor process) for starting a hidden service. -- Micah Lee -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
