Project

General

Profile

Feature #12226

Feature #5688: Tails Server: Self-hosted services behind Tails-powered onion services

Feature #12230: Release Tails Server Beta

Initial review of Tails Server implementation

Added by anonym over 1 year ago. Updated 2 months ago.

Status:
In Progress
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
02/13/2017
Due date:
% Done:

20%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:
Server

History

#1 Updated by segfault over 1 year ago

#2 Updated by anonym over 1 year ago

  • Target version changed from Tails_2.11 to Tails_2.12

#3 Updated by anonym about 1 year ago

  • Target version changed from Tails_2.12 to Tails_3.0

#4 Updated by segfault about 1 year ago

#5 Updated by segfault about 1 year ago

  • Parent task set to #12230

#6 Updated by anonym about 1 year ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 20

Currently Tails Server always starts the service before generating the onion address. Some services need the onion address for their configuration, so the order we do this (start the service, then generate the onion) won't working then. We need to either:

  • Separate the onion address generation part into a step of its own that we run before starting the service.
  • Introduce an option that starts the service after the onion address has been generated and published.
  • Simply switch the order so the service always is starter after the onion has been published. I don't really see a reason why this isn't the case. Was there a reason for the current order?

# XXX: The connection string is user controlled, but because subprocess
# handles escaping and quoting of arguments, this should still be secure.

The way you invoke Popen means exec() will be used, not the shell, so there is no escaping and quoting to worry about. I.e. you can kill this comment.


sudo -u "$RUN_AS_USER" /usr/local/sbin/tails-server $@

You'll want to quote $@ to retain the quoting of the parameters for the wrapped application.


@is_installed.setter
def is_installed(self, value):

It feels odd to have a setter with the is_-prefix. Not a blocker.

#7 Updated by anonym about 1 year ago

  • Target version changed from Tails_3.0 to Tails_3.1

#8 Updated by anonym 11 months ago

  • Target version changed from Tails_3.1 to Tails_3.2

#9 Updated by intrigeri 9 months ago

  • Affected tool set to Server

#10 Updated by intrigeri 9 months ago

  • Target version changed from Tails_3.2 to Tails_3.3

#11 Updated by intrigeri 7 months ago

  • Target version changed from Tails_3.3 to Tails_3.5

#12 Updated by intrigeri 6 months ago

  • Target version changed from Tails_3.5 to Tails_3.6

#13 Updated by anonym 3 months ago

I have started reviewing by committing my comments/suggested changes straight into Git in the anonym/review branches at:

#14 Updated by bertagaz 3 months ago

  • Target version changed from Tails_3.6 to Tails_3.7

#15 Updated by intrigeri 2 months ago

  • Target version deleted (Tails_3.7)

Also available in: Atom PDF