Description: Fix CVE-2016-5026.
 See http://www.openwall.com/lists/oss-security/2016/05/23/5 for details
 on a potential convoluted attack. Basically, /tmp/onionshare is
 a predictable name, which mean that a local attacker
 could precreate it on a shared server and later mess with the hidden
 service operations in various way.
Author: Michael Scherer <misc@zarb.org>

--- a/onionshare/hs.py
+++ b/onionshare/hs.py
@@ -99,16 +99,7 @@
                 self.hidserv_dir = self.hidserv_dir.replace('\\', '/')

             else:
-                path = '/tmp/onionshare'
-                try:
-                    if not os.path.exists(path):
-                        os.makedirs(path, 0700)
-                except:
-                    raise HSDirError(strings._("error_hs_dir_cannot_create").format(path))
-                if not os.access(path, os.W_OK):
-                    raise HSDirError(strings._("error_hs_dir_not_writable").format(path))
-
-                self.hidserv_dir = tempfile.mkdtemp(dir=path)
+                self.hidserv_dir = tempfile.mkdtemp(suffix='onionshare',dir='/tmp')

             self.cleanup_filenames.append(self.hidserv_dir)

@@ -230,17 +221,17 @@
                 '80 127.0.0.1:33302'
             ],
             'HiddenServiceDir': [
-                '/tmp/onionshare/tmplTfZZu',
-                '/tmp/onionshare/tmpchDai3'
+                '/tmp/onionsharetmplTfZZu',
+                '/tmp/onionsharetmpchDai3'
             ]
         }


         Output will look like this:
         [
-            ('HiddenServiceDir', '/tmp/onionshare/tmplTfZZu'),
+            ('HiddenServiceDir', '/tmp/onionsharetmplTfZZu'),
             ('HiddenServicePort', '80 127.0.0.1:47906'),
-            ('HiddenServiceDir', '/tmp/onionshare/tmpchDai3'),
+            ('HiddenServiceDir', '/tmp/onionsharetmpchDai3'),
             ('HiddenServicePort', '80 127.0.0.1:33302')
         ]
         """
