[Pkg-privacy-maintainers] Bug#849227: onionshare: CLI never shuts down after download - GUI always does

Henrik Ahlgren pablo at seestieto.com
Fri Dec 23 20:56:05 UTC 2016 

Package: onionshare
Version: 0.6-3
Severity: important

Manual page reads:

"OnionShare's default behaviour is to shut down the hidden service and
to stop once the file has been downloaded. You can prevent this
behaviour by invoking the --stay-open option. This can be useful if
you want multiple people to access the same file."

However, the command line version always allows multiple downloads
until onionshare is manually stopped, with or without --stay-open.

-------------8<--------------
$ onionshare /usr/bin/vi
Connecting to Tor control port to set up hidden service on port 60373.
Preparing files to share.
Waiting for HS to be ready:
Trying...  * Running on http://127.0.0.1:60373/
Not ready yet.
Trying... Ready!
Give this URL to the person you're sending the file to:
http://XXXXXXXXXXXXXXXX.onion/YYYYYYYYYYYYYYYYYYYYYYYYYY

Press Ctrl-C to stop server
127.0.0.1 - - [DD/Dec/2016 HH:MM:SS] "GET / HTTP/YYYYYYYYYYYYYYYYYYYYYYYYYY 1.1" 200 -
127.0.0.1 - - [DD/Dec/2016 HH:MM:SS] "GET /YYYYYYYYYYYYYYYYYYYYYYYYYY HTTP/1.1" 200 -
127.0.0.1 - - [DD/Dec/2016 HH:MM:SS] "GET /YYYYYYYYYYYYYYYYYYYYYYYYYY HTTP/1.1" 200 -
^C127.0.0.1 - - [DD/Dec/2016 MM:MM:SS] "GET /YYYYYYYYYYYYYYYYYYYYYYYYYY/shutdown HTTP/1.1" 200 -
-------------8<--------------

The GUI version malfunctions the opposite way: there is a checkbox
"Stop server automatically", but it has no effect – the server always
stops after the first download.

This is quite confusing and the CLI behaviour is potentially unsecure.

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages onionshare depends on:
ii  python               2.7.9-1
ii  python-flask         0.10.1-2
ii  python-qt4           4.11.2+dfsg-1
ii  python-stem          1.2.2-1.1
ii  torbrowser-launcher  0.1.9-1+deb8u3

onionshare recommends no packages.

onionshare suggests no packages.

-- debconf-show failed

More information about the Pkg-privacy-maintainers mailing list