Sandbox causes crash when creating a hidden service through the control port
I'm trying to squash a bug with running OnionShare in Tails and I've narrowed it down to a bug in the Tor server in sandbox mode. Here's the related OnionShare issue: https://github.com/micahflee/onionshare/issues/179

Here's a simple script that creates a hidden service using the Tor control port, with stem and flask:

```
import os
from stem.control import Controller
from flask import Flask

def main():
    # set up flask
    app = Flask("example")

    @app.route('/')
    def index():
        return "<h1>Testing Tor sandbox!</h1>"

    # set up hidden service
    controller = Controller.from_port()
    controller.authenticate()

    hs_dir = '/tmp/bugtest'
    print "Creating our hidden service in %s" % hs_dir

    controller.set_options([
        ('HiddenServiceDir', hs_dir),
        ('HiddenServicePort', '80 127.0.0.1:5000')
    ])

    onion = open(hs_dir + "/hostname", "r").read().strip()
    print 'Running on {0}'.format(onion)

    # start web app
    app.run(port=5000)

if __name__ == '__main__':
    main()
```

(Note that you need to manually delete /tmp/bugtest before running this script a second time.)

If you set "Sandbox 0" in torrc and run this script, it works great, and the output looks like this:

```
user@dev:~/code/tor-sandbox-hs-bug$ sudo python tor-sandbox-hs-bug.py
Creating our hidden service in /tmp/bugtest
Running on 3ekculjvzye6zr6s.onion
 * Running on http://127.0.0.1:5000/
127.0.0.1 - - [18/May/2015 15:37:56] "GET / HTTP/1.1" 200 -
127.0.0.1 - - [18/May/2015 15:37:59] "GET /favicon.ico HTTP/1.1" 404 -
```

But if you set "Sandbox 1" in torrc and run the same script again, the script throws an exception and tor crashes:

```
user@dev:~/code/tor-sandbox-hs-bug$ sudo python tor-sandbox-hs-bug.py
Creating our hidden service in /tmp/bugtest
Traceback (most recent call last):
  File "tor-sandbox-hs-bug.py", line 32, in <module>
    main()
  File "tor-sandbox-hs-bug.py", line 22, in main
    ('HiddenServicePort', '80 127.0.0.1:5000')
  File "/usr/lib/python2.7/dist-packages/stem/control.py", line 1859, in set_options
    response = self.msg(query)
  File "/usr/lib/python2.7/dist-packages/stem/control.py", line 469, in msg
    raise exc
stem.SocketClosed: Received empty socket content.
```

Here's what ends up in the tor log:

```
May 18 15:38:48.000 [notice] New control connection opened from 127.0.0.1.
May 18 15:38:48.000 [notice] Tor 0.2.5.12 (git-3731dd5c3071dcba) opening log file.
May 18 15:38:48.000 [warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /tmp/bugtest
May 18 15:38:48.000 [warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /tmp/bugtest/private_key
May 18 15:38:48.000 [warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /tmp/bugtest/private_key.tmp

============================================================ T= 1431988728
(Sandbox) Caught a bad syscall attempt (syscall open)
/usr/bin/tor(+0x128176)[0x7f1391729176]
/lib/x86_64-linux-gnu/libpthread.so.0(open64+0x10)[0x7f13901fa1d0]
/lib/x86_64-linux-gnu/libpthread.so.0(open64+0x10)[0x7f13901fa1d0]
/usr/bin/tor(tor_open_cloexec+0x40)[0x7f1391715380]
/usr/bin/tor(start_writing_to_file+0xf2)[0x7f1391724182]
/usr/bin/tor(+0x1232eb)[0x7f13917242eb]
/usr/bin/tor(+0x123438)[0x7f1391724438]
/usr/bin/tor(crypto_pk_write_private_key_to_filename+0xcb)[0x7f1391731b6b]
/usr/bin/tor(init_key_from_file+0x172)[0x7f1391668302]
/usr/bin/tor(+0x5a36e)[0x7f139165b36e]
/usr/bin/tor(rend_service_load_all_keys+0x81)[0x7f139165d451]
/usr/bin/tor(set_options+0xc5f)[0x7f13916bff5f]
/usr/bin/tor(options_trial_assign+0xbb)[0x7f13916c14fb]
/usr/bin/tor(+0xdbe2e)[0x7f13916dce2e]
/usr/bin/tor(connection_control_process_inbuf+0x776)[0x7f13916e1056]
/usr/bin/tor(+0xcbd95)[0x7f13916ccd95]
/usr/bin/tor(+0x34a21)[0x7f1391635a21]
/usr/lib/x86_64-linux-gnu/libevent-2.0.so.5(event_base_loop+0x7fc)[0x7f1390c8a3dc]
/usr/bin/tor(do_main_loop+0x194)[0x7f1391637204]
/usr/bin/tor(tor_main+0x1705)[0x7f139163a035]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f138fc5fb45]
/usr/bin/tor(+0x3279b)[0x7f139163379b]
```
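A log triage helper for the failure shown above, added here as an example (Python 3; not part of the original report and not Tor, stem or OnionShare code). It pulls out the paths the sandbox had no interned parameter for, the blocked syscall, and whether the backtrace enters through the control port handler. The name `triage` and the report layout are assumptions, and the sample is a shortened, constructed copy of the log in the report.

```python
import re

# Constructed sample: a shortened copy of the tor log lines from the report.
SAMPLE_LOG = """\
May 18 15:38:48.000 [notice] New control connection opened from 127.0.0.1.
May 18 15:38:48.000 [warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /tmp/bugtest
May 18 15:38:48.000 [warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /tmp/bugtest/private_key
May 18 15:38:48.000 [warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /tmp/bugtest/private_key.tmp
============================================================ T= 1431988728
(Sandbox) Caught a bad syscall attempt (syscall open)
/usr/bin/tor(+0x128176)[0x7f1391729176]
/lib/x86_64-linux-gnu/libpthread.so.0(open64+0x10)[0x7f13901fa1d0]
/usr/bin/tor(tor_open_cloexec+0x40)[0x7f1391715380]
/usr/bin/tor(crypto_pk_write_private_key_to_filename+0xcb)[0x7f1391731b6b]
/usr/bin/tor(rend_service_load_all_keys+0x81)[0x7f139165d451]
/usr/bin/tor(set_options+0xc5f)[0x7f13916bff5f]
/usr/bin/tor(connection_control_process_inbuf+0x776)[0x7f13916e1056]
"""

UNINTERNED = re.compile(r"sandbox_intern_string\(\): Bug: No interned sandbox parameter found for (\S+)")
BAD_SYSCALL = re.compile(r"\(Sandbox\) Caught a bad syscall attempt \(syscall (\w+)\)")
FRAME = re.compile(r"^(\S+?)\((\w+)\+0x[0-9a-f]+\)\[0x[0-9a-f]+\]$")

def triage(log_text):
    """Summarise sandbox violations found in a tor log (hypothetical report layout)."""
    report = {"uninterned_paths": [], "violations": []}
    current = None  # violation whose backtrace is currently being read
    for line in log_text.splitlines():
        line = line.strip()
        m = UNINTERNED.search(line)
        if m:
            report["uninterned_paths"].append(m.group(1))
            continue
        m = BAD_SYSCALL.search(line)
        if m:
            current = {"syscall": m.group(1), "tor_frames": []}
            report["violations"].append(current)
            continue
        m = FRAME.match(line)
        if m and current is not None:
            if m.group(1).endswith("/tor"):  # keep only symbolised frames inside tor
                current["tor_frames"].append(m.group(2))
        elif current is not None and not line.startswith("/"):
            current = None  # a non-frame line ends the backtrace
    for v in report["violations"]:
        v["via_control_port"] = "connection_control_process_inbuf" in v["tor_frames"]
    return report
```
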