unsafe-browser 9.18 KB
Newer Older
1
#!/bin/sh
2

3 4
set -e

Tails developers's avatar
Tails developers committed
5
CMD=$(basename ${0})
6
LOCK=/var/lock/${CMD}
Tails developers's avatar
Tails developers committed
7 8

. gettext.sh
9
TEXTDOMAIN="tails"
Tails developers's avatar
Tails developers committed
10 11
export TEXTDOMAIN

12
ROFS=/lib/live/mount/rootfs/filesystem.squashfs
13 14 15
CONF_DIR=/var/lib/unsafe-browser
COW=${CONF_DIR}/cow
CHROOT=${CONF_DIR}/chroot
16
CLEARNET_USER=clearnet
17 18 19

# Import tor_is_working()
. /usr/local/lib/tails-shell-library/tor.sh
20

21 22 23 24 25 26 27 28
WARNING_PAGE='/usr/share/doc/tails/website/misc/unsafe_browser_warning'
LANG_CODE="$(echo ${LANG} | head -c 2)"
if [ -r "${WARNING_PAGE}.${LANG_CODE}.html" ]; then
   START_PAGE="${WARNING_PAGE}.${LANG_CODE}.html"
else
   START_PAGE="${WARNING_PAGE}.en.html"
fi

29 30 31 32
if [ -e /var/lib/gdm3/tails.camouflage ]; then
    CAMOUFLAGE=yes
fi

33
cleanup () {
34 35 36
    # Break down the chroot and kill all of its processes
    local counter=0
    local ret=0
37
    while [ "${counter}" -le 10 ] && \
Tails developers's avatar
Tails developers committed
38
        pgrep -u ${CLEARNET_USER} 1>/dev/null 2>&1; do
39
        pkill -u ${CLEARNET_USER} 1>/dev/null 2>&1
40
        ret=${?}
41
        sleep 1
42
        counter=$((${counter}+1))
43
    done
44
    [ ${ret} -eq 0 ] || pkill -9 -u ${CLEARNET_USER} 1>/dev/null 2>&1
45
    for mnt in ${CHROOT}/dev ${CHROOT}/proc ${CHROOT} ${COW}; do
46
        counter=0
47 48
        while [ "${counter}" -le 10 ] && mountpoint -q ${mnt} 2>/dev/null; do
            umount ${mnt} 2>/dev/null
49
            sleep 1
50
            counter=$((${counter}+1))
51 52
        done
    done
53
    rmdir ${COW} ${CHROOT} 2>/dev/null
54 55 56
}

error () {
57 58
    local cli_text="${CMD}: `gettext \"error:\"` ${@}"
    local dialog_text="<b><big>`gettext \"Error\"`</big></b>
59

60
${@}"
61
    echo "${cli_text}" >&2
62
    sudo -u ${SUDO_USER} zenity --error --title "" --text "${dialog_text}"
63 64 65
    exit 1
}

66 67
verify_start () {
    # Make sure the user really wants to start the browser
68
    local dialog_msg="<b><big>`gettext \"Do you really want to launch the Unsafe Browser?\"`</big></b>
69

Tails developers's avatar
Tails developers committed
70
`gettext \"Network activity within the Unsafe Browser is <b>not anonymous</b>. Only use the Unsafe Browser if necessary, for example if you have to login or register to activate your Internet connection.\"`"
71 72 73 74 75 76
    local launch="`gettext \"_Launch\"`"
    local exit="`gettext \"_Exit\"`"
    # Since zenity can't set the default button to cancel, we switch the
    # labels and interpret the return value as its negation.
    if sudo -u ${SUDO_USER} zenity --question --title "" --ok-label "${exit}" \
       --cancel-label "${launch}" --text "${dialog_msg}"; then
77 78 79
        exit 0
    fi
}
80

81 82 83 84 85 86
show_start_notification () {
    local title="`gettext \"Starting the Unsafe Browser...\"`"
    local body="`gettext \"This may take a while, so please be patient.\"`"
    notify-send -t 10000 "${title}" "${body}"
}

87 88 89 90
setup_chroot () {
    # Setup a chroot on an aufs "fork" of the filesystem.
    # FIXME: When LXC matures to the point where it becomes a viable option
    # for creating isolated jails, the chroot can be used as its rootfs.
91 92
    echo "* Setting up chroot"

93 94 95
    trap cleanup INT
    trap cleanup EXIT

96
    mkdir -p ${COW} ${CHROOT} && \
97 98 99
    mount -t tmpfs tmpfs ${COW} && \
    mount -t aufs -o noatime,noxino,dirs=${COW}=rw:${ROFS}=rr+wh aufs ${CHROOT} && \
    mount -t proc proc ${CHROOT}/proc && \
Tails developers's avatar
Tails developers committed
100 101
    mount --bind /dev ${CHROOT}/dev || \
    error "`gettext \"Failed to setup chroot.\"`"
102 103 104

    # Workaround for todo/buggy_aufs_vs_unsafe-browser
    chmod -t ${COW}
105 106
}

107 108
set_chroot_browser_name () {
    NAME="${1}"
Tails developers's avatar
Tails developers committed
109
    LONG=$(echo ${LANG} | grep -o "^[a-zA-Z_]*")
110
    SHORT=${LONG%%_*}
111
    EXT_DIR=${CHROOT}/usr/lib/iceweasel/browser/extensions
112
    BRANDING=branding/brand.dtd
113
    if [ -e "${EXT_DIR}/langpack-${LONG}@iceweasel.mozilla.org.xpi" ]; then
114
        PACK="${EXT_DIR}/langpack-${LONG}@iceweasel.mozilla.org.xpi"
115
        TOP=browser/chrome
116
        REST=${LONG}/locale
117 118
    elif [ -e "${EXT_DIR}/langpack-${SHORT}@iceweasel.mozilla.org.xpi" ]; then
        PACK="${EXT_DIR}/langpack-${SHORT}@iceweasel.mozilla.org.xpi"
119
        TOP=browser/chrome
120
        REST=${SHORT}/locale
121
    else
122
        PACK=${CHROOT}/usr/share/iceweasel/browser/chrome/en-US.jar
123 124 125 126 127
        TOP=locale
        REST=
    fi

    TMP=$(mktemp -d)
128 129 130
    # Non-zero exit code due to non-standard ZIP archive.
    # The following steps will fail soon if the extraction failed anyway.
    unzip -d "${TMP}" "${PACK}" || true
131
    sed -i "s/Iceweasel/${NAME}/" "${TMP}"/"${TOP}"/"${REST}"/"${BRANDING}"
132 133
    rm "${PACK}"
    (cd $TMP ; 7z a -tzip "${PACK}" .)
134 135 136 137
    chmod a+r "${PACK}"
    rm -Rf "${TMP}"
}

138
configure_chroot () {
139 140
    echo "* Configuring chroot"

141 142
    # Set the chroot's DNS servers to those obtained through DHCP
    rm -f ${CHROOT}/etc/resolv.conf
143
    for NS in ${IP4_NAMESERVERS}; do
144 145 146 147
        echo "nameserver ${NS}" >> ${CHROOT}/etc/resolv.conf
    done
    chmod a+r ${CHROOT}/etc/resolv.conf

148 149
    # Remove all Iceweasel addons: some adds proxying, which we don't
    # want; some may change the fingerprint compared to a standard
150 151 152 153
    # Iceweasel install. Note: We cannot use apt-get since we don't ship its
    # lists (#6531). Too bad, APT supports globbing, while dkpg does not.
    dpkg -l 'xul-ext-*' | /bin/grep '^ii' | awk '{print $2}' | \
        xargs chroot ${CHROOT} dpkg --remove
154 155

    # Disable proxying in the chroot
156 157
    sed -r -i '/^(user_|)pref\("network\.proxy\..*",/d' \
        ${CHROOT}/etc/iceweasel/*/*.js
158 159
    echo 'user_pref("network.proxy.type", 0);' >> \
        ${CHROOT}/etc/iceweasel/profile/user.js
160 161
    echo 'user_pref("network.proxy.socks_remote_dns", false);' >> \
        ${CHROOT}/etc/iceweasel/profile/user.js
162
    rm -rf ${CHROOT}/etc/iceweasel/profile/extensions
163

Tails developers's avatar
Tails developers committed
164
    # Set a scary theme (except if we're using Windows camouflage)
165
    if [ -z "${CAMOUFLAGE}" ]; then
Tails developers's avatar
Bugfix.  
Tails developers committed
166
        cat >> ${CHROOT}/etc/iceweasel/profile/user.js <<EOF
167
user_pref("lightweightThemes.isThemeSelected", true);
168
user_pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"Unsafe Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#CC0000\",\"updateDate\":0,\"installDate\":0}]");
169
EOF
170
    else
171
        chroot ${CHROOT} sudo -H -u clearnet tails-activate-winxp-theme
172
    fi
173

174 175 176
    # Set the name (e.g. window title) of the browser
    set_chroot_browser_name "`gettext \"Unsafe Browser\"`"

177 178 179
    # Set start page to something that explains what's going on
    echo 'user_pref("browser.startup.homepage", "'${START_PAGE}'");' >> \
        ${CHROOT}/etc/iceweasel/profile/user.js
180 181 182

    # Remove all bookmarks
    rm -f ${CHROOT}/etc/iceweasel/profile/bookmarks.html
183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202

    # Make the English wikipedia the only available and default search
    # engine (this is a documented cue for identifying the Unsafe Browser,
    # which is extra important in camouflage mode when the scary coloured
    # theme is disabled.)
    find ${CHROOT}/etc/iceweasel/profile/searchplugins/ \
         ${CHROOT}/etc/iceweasel/searchplugins -name "*.xml" | \
        while read searchengine; do
            if basename "$searchengine" | grep -qvi wikipedia; then
                rm "${searchengine}"
            fi
        done
    sed -i '/^user_pref("browser.search.defaultenginename",/d' \
        ${CHROOT}/etc/iceweasel/profile/user.js
    echo 'user_pref("browser.search.defaultenginename", "Wikipedia (en)");' >> \
        ${CHROOT}/etc/iceweasel/profile/user.js
    sed -i '/^user_pref("browser.search.selectedEngine",/d' \
        ${CHROOT}/etc/iceweasel/profile/user.js
    echo 'user_pref("browser.search.selectedEngine", "Wikipedia (en)");' >> \
        ${CHROOT}/etc/iceweasel/profile/user.js
203 204
}

205
run_browser_in_chroot () {
206
    # Start Iceweasel in the chroot
207 208
    echo "* Starting Unsafe Browser"

209
    sudo -u ${SUDO_USER} xhost +SI:localuser:${CLEARNET_USER} 2>/dev/null
210
    chroot ${CHROOT} sudo -u ${CLEARNET_USER} /usr/bin/iceweasel -DISPLAY=:0.0
211
    sudo -u ${SUDO_USER} xhost -SI:localuser:${CLEARNET_USER} 2>/dev/null
212 213
}

214 215 216 217 218 219
show_shutdown_notification () {
    local title="`gettext \"Shutting down the Unsafe Browser...\"`"
    local body="`gettext \"This may take a while, and you may not restart the Unsafe Browser until it is properly shut down.\"`"
    notify-send -t 10000 "${title}" "${body}"
}

220 221 222 223 224
maybe_restart_tor () {
    # Restart Tor if it's not working (a captive portal may have prevented
    # Tor from bootstrapping, and a restart is the fastest way to get
    # wheels turning)
    if ! tor_is_working; then
225
        echo "* Restarting Tor"
226 227
        restart-tor
        if ! service tor status >/dev/null; then
228 229
            error "`gettext \"Failed to restart Tor.\"`"
        fi
230 231
    fi
}
232

233 234 235 236 237 238
# Prevent multiple instances of the script.
exec 9>${LOCK}
if ! flock -x -n 9; then
    error "`gettext \"Another Unsafe Browser is currently running, or being cleaned up. Please retry in a while.\"`"
fi

239
# Get the DNS servers that was obtained from NetworkManager, if any...
240 241 242 243 244 245 246 247
NM_ENV=/var/lib/NetworkManager/env
if [ -r "${NM_ENV}" ]; then
    . ${NM_ENV}
fi
# ... otherwise fail.
# FIXME: Or would it make sense to fallback to Google's DNS or OpenDNS?
# Some stupid captive portals may allow DNS to any host, but chances are
# that only the portal's DNS would forward to the login page.
248
if [ -z "${IP4_NAMESERVERS}" ]; then
Tails developers's avatar
Tails developers committed
249
    error "`gettext \"No DNS server was obtained through DHCP or manually configured in NetworkManager.\"`"
250 251
fi

252
verify_start
253
show_start_notification
254 255
setup_chroot
configure_chroot
256 257
run_browser_in_chroot
show_shutdown_notification
258
maybe_restart_tor
259 260

exit 0