Re: [Tails-dev] OnionShare bug in Tails

This message is part of the following thread:
Mthe complete thread tree sorted by date
Mintrigeri at <-
MMicah Lee at ->
Delete this message

Reply to this message
Author: Micah Lee
Date:  
To: intrigeri
CC: tails-dev
Subject: Re: [Tails-dev] OnionShare bug in Tails
On 05/15/2015 11:21 AM, intrigeri wrote:
> Hi Micah,
>
> Micah Lee wrote (15 May 2015 00:11:53 GMT) :
>> OnionShare recently stopped working in Tails
> Can you please be more specific wrt. what version of Tails worked for
> you, and what version stopped working?

I just tested a bunch of old versions of Tails in VMs and confirmed that
it last worked in 1.2.3 and stopped working in 1.3.

>
>> Specifically, OnionShare is able to connect to the Tor control port, but
>> when it tries to create a hidden service it now causes the entire tor
>> process to crash, and it looks like this is related to Tor sandbox
>> warnings. You can look at the issue on github to see the full tor logs,
>> but basically there are a handful of "sandbox_intern_string(): Bug: No
>> interned sandbox parameter found for /var/lib/tor/tmpBuBZmk" errors
>> (/var/lib/tor/tmpBuBZmk being the hidden service dir), ending with a
>> crash: "(Sandbox) Caught a bad syscall attempt (syscall open)".
> Looks like a bug in Tor sandbox rather than anything Tails-specific
> to me.

Agreed, but I haven't run into it anywhere except in Tails. Maybe this
is because all other platforms use the tor service from Tor Browser
rather than a system Tor, and that doesn't have sandboxing enabled or
something? 

>> So I can find very little information about what's causing this or how
>> to fix it. Anyone here know?
> 0. Make sure there are no AppArmor-related messages for Tor in `sudo
>    dmesg`. If there are, please report them to us.

There are no AppArmor errors. 

> 1. Try without Tor sandboxing (configuring a bridge as documented via
>    Tails Greeter + Tor Launcher should be enough, since we disable the
>    sandbox when special Tor config is requested).

When I enable a bridge it doesn't cause the tor crash. So I think this
is a Tor sandbox issue.

However, onionshare fails for some other reason when a bridge is
enabled. I think this is an entirely separate issue, but I'm looking
into it. 

> 2. If #1 confirmed that the only problem is caused by Tor sandboxing,
>    report a bug on the Tor bug tracker: we don't maintain the Tor
>    sandbox in Tails :)

Apparently tor immediately crashes in Tor Browser if you edit its torrc
and set "Sandbox 1". So now I'm testing using a system Tor in Debian,
not Tails, and I can confirm that starting a hidden service causes a
crash. I'll try to make a simpler piece of code that reproduces it and
open a tor bug.

--
Micah Lee
OpenPGP: 0B1491929806596254700155FD720AD9EBA34B1C


This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-[Tails-dev] RFC: persistent Tor stateRe: [Tails-dev] OnionShare bug in Tails->
lists.autistici.org administrated by postmasterLurker (version 2.3)