tor-browser 2.27 KB
Newer Older
1
2
#!/bin/sh

3
4
5
6
7
8
# AppArmor Ux rules don't sanitize $PATH, which can lead to an
# exploited application (that's allowed to run this script unconfined)
# having this script run arbitrary code, violating that application's
# confinement. Let's prevent that by setting PATH to a list of
# directories where only root can write.
export PATH='/usr/local/bin:/usr/bin:/bin'
9
10
11
12
13
14
15
16
17
18
19

# Do not "set -u", else importing gettext.sh dies
# with "ZSH_VERSION: parameter not set".
set -e

. gettext.sh
TEXTDOMAIN="tails"
export TEXTDOMAIN

PROFILE="${HOME}/.tor-browser/profile.default"

20
# Import exec_firefox() and configure_best_tor_browser_locale()
21
22
. /usr/local/lib/tails-shell-library/tor-browser.sh

23
ask_for_confirmation() {
24
    # Skip dialog if user is already running Tor Browser:
25
    if pgrep -u amnesia -f "${TBB_INSTALL}/firefox" ; then
26
27
28
        return
    fi

29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
    local dialog_title="`gettext \"Tor is not ready\"`"
    local dialog_text="`gettext \"Tor is not ready. Start Tor Browser anyway?\"`"
    local dialog_start="`gettext \"Start Tor Browser\"`"
    local dialog_cancel="`gettext \"Cancel\"`"
    # zenity can't set the default button to cancel, so we switch the
    # labels and interpret the return value as its negation.
    ! zenity --question \
        --title "$dialog_title" --text="$dialog_text" \
        --cancel-label "$dialog_start" --ok-label "$dialog_cancel"
}

tor_has_bootstrapped() {
    sudo -n -u debian-tor /usr/local/sbin/tor-has-bootstrapped
}

start_browser() {
    if [ ! -d "${PROFILE}" ]; then
        /usr/local/bin/generate-tor-browser-profile
    fi

49
50
51
52
    TMPDIR="${PROFILE}/tmp"
    mkdir --mode=0700 -p "$TMPDIR"
    export TMPDIR

53
54
55
    # We need to set general.useragent.locale properly to get
    # localized search plugins (and perhaps other things too). It is
    # not enough to simply set intl.locale.matchOS to true.
56
57
    configure_best_tor_browser_locale "${PROFILE}"

58
59
60
61
62
63
64
    if [ -z "$XAUTHORITY" ]; then
        XAUTHORITY=~/.Xauthority
        export XAUTHORITY
    fi

    unset SESSION_MANAGER

65
    exec_firefox -allow-remote --class "Tor Browser" -profile "${PROFILE}" "${@}"
66
67
68
69
70
71
72
73
74
75
}


if tor_has_bootstrapped || ask_for_confirmation; then
    # Torbutton 1.5.1+ uses those environment variables
    export TOR_SOCKS_HOST='127.0.0.1'
    export TOR_SOCKS_PORT='9150'

    start_browser "${@}"
fi