unsafe-browser 10.6 KB
Newer Older
1
#!/bin/sh
2

3 4
set -e

Tails developers's avatar
Tails developers committed
5
CMD=$(basename ${0})
6
LOCK=/var/lock/${CMD}
Tails developers's avatar
Tails developers committed
7 8

. gettext.sh
9
TEXTDOMAIN="tails"
Tails developers's avatar
Tails developers committed
10 11
export TEXTDOMAIN

12 13 14
CONF_DIR=/var/lib/unsafe-browser
COW=${CONF_DIR}/cow
CHROOT=${CONF_DIR}/chroot
15
CLEARNET_USER=clearnet
16 17 18

# Import tor_is_working()
. /usr/local/lib/tails-shell-library/tor.sh
19

20 21 22
# Import the TBB_INSTALL, TBB_EXT and TBB_PROFILE variables, and
# exec_firefox(), configure_xulrunner_app_locale() and
# guess_best_tor_browser_locale()
23 24
. /usr/local/lib/tails-shell-library/tor-browser.sh

25 26 27 28 29 30 31 32
WARNING_PAGE='/usr/share/doc/tails/website/misc/unsafe_browser_warning'
LANG_CODE="$(echo ${LANG} | head -c 2)"
if [ -r "${WARNING_PAGE}.${LANG_CODE}.html" ]; then
   START_PAGE="${WARNING_PAGE}.${LANG_CODE}.html"
else
   START_PAGE="${WARNING_PAGE}.en.html"
fi

33 34 35 36
if [ -e /var/lib/gdm3/tails.camouflage ]; then
    CAMOUFLAGE=yes
fi

37
cleanup () {
38 39 40
    # Break down the chroot and kill all of its processes
    local counter=0
    local ret=0
41
    while [ "${counter}" -le 10 ] && \
Tails developers's avatar
Tails developers committed
42
        pgrep -u ${CLEARNET_USER} 1>/dev/null 2>&1; do
43
        pkill -u ${CLEARNET_USER} 1>/dev/null 2>&1
44
        ret=${?}
45
        sleep 1
46
        counter=$((${counter}+1))
47
    done
48
    [ ${ret} -eq 0 ] || pkill -9 -u ${CLEARNET_USER} 1>/dev/null 2>&1
49
    for mnt in ${CHROOT}/dev ${CHROOT}/proc ${CHROOT} ${COW}; do
50
        counter=0
51 52
        while [ "${counter}" -le 10 ] && mountpoint -q ${mnt} 2>/dev/null; do
            umount ${mnt} 2>/dev/null
53
            sleep 1
54
            counter=$((${counter}+1))
55 56
        done
    done
57
    rmdir ${COW} ${CHROOT} 2>/dev/null
58 59 60
}

error () {
61 62
    local cli_text="${CMD}: `gettext \"error:\"` ${@}"
    local dialog_text="<b><big>`gettext \"Error\"`</big></b>
63

64
${@}"
65
    echo "${cli_text}" >&2
66
    sudo -u ${SUDO_USER} zenity --error --title "" --text "${dialog_text}"
67 68 69
    exit 1
}

70 71
verify_start () {
    # Make sure the user really wants to start the browser
72
    local dialog_msg="<b><big>`gettext \"Do you really want to launch the Unsafe Browser?\"`</big></b>
73

Tails developers's avatar
Tails developers committed
74
`gettext \"Network activity within the Unsafe Browser is <b>not anonymous</b>. Only use the Unsafe Browser if necessary, for example if you have to login or register to activate your Internet connection.\"`"
75 76 77 78 79 80
    local launch="`gettext \"_Launch\"`"
    local exit="`gettext \"_Exit\"`"
    # Since zenity can't set the default button to cancel, we switch the
    # labels and interpret the return value as its negation.
    if sudo -u ${SUDO_USER} zenity --question --title "" --ok-label "${exit}" \
       --cancel-label "${launch}" --text "${dialog_msg}"; then
81 82 83
        exit 0
    fi
}
84

85 86 87
show_start_notification () {
    local title="`gettext \"Starting the Unsafe Browser...\"`"
    local body="`gettext \"This may take a while, so please be patient.\"`"
88
    tails-notify-user "${title}" "${body}" 10000
89 90
}

91 92 93 94
setup_chroot () {
    # Setup a chroot on an aufs "fork" of the filesystem.
    # FIXME: When LXC matures to the point where it becomes a viable option
    # for creating isolated jails, the chroot can be used as its rootfs.
95 96
    echo "* Setting up chroot"

97 98 99
    trap cleanup INT
    trap cleanup EXIT

100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115
    local rootfs_dir
    local rootfs_dirs_path=/lib/live/mount/rootfs
    local tails_module_path=/lib/live/mount/medium/live/Tails.module
    local aufs_dirs=

    # We have to pay attention to the order we stack the filesystems;
    # newest must be first, and remember that the .module file lists
    # oldest first, newest last.
    while read rootfs_dir; do
        rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
        mountpoint -q "${rootfs_dir}" && \
        aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
    done < "${tails_module_path}"
    # But our copy-on-write dir must be at the very top.
    aufs_dirs="${COW}=rw:${aufs_dirs}"

116
    mkdir -p ${COW} ${CHROOT} && \
117
    mount -t tmpfs tmpfs ${COW} && \
118
    mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
119
    mount -t proc proc ${CHROOT}/proc && \
Tails developers's avatar
Tails developers committed
120 121
    mount --bind /dev ${CHROOT}/dev || \
    error "`gettext \"Failed to setup chroot.\"`"
122 123 124

    # Workaround for todo/buggy_aufs_vs_unsafe-browser
    chmod -t ${COW}
125 126
}

127 128
set_chroot_browser_name () {
    NAME="${1}"
129
    LOCALE="${2}"
130
    EXT_DIR=${CHROOT}/"${TBB_EXT}"
131
    BRANDING=branding/brand.dtd
132 133
    if [ "${LOCALE}" != en-US ]; then
        PACK="${EXT_DIR}/langpack-${LOCALE}@firefox.mozilla.org.xpi"
134
        TOP=browser/chrome
135
        REST=${LOCALE}/locale
136
    else
137
        PACK="${CHROOT}/${TBB_INSTALL}/browser/omni.ja"
138 139
        TOP=chrome
        REST=en-US/locale
140 141
    fi
    TMP=$(mktemp -d)
142 143 144
    # Non-zero exit code due to non-standard ZIP archive.
    # The following steps will fail soon if the extraction failed anyway.
    unzip -d "${TMP}" "${PACK}" || true
145
    sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\)Name.*$/<"'!'"ENTITY brand\1Name \"${NAME}\">/" "${TMP}/${TOP}/${REST}/${BRANDING}"
146 147
    rm "${PACK}"
    (cd $TMP ; 7z a -tzip "${PACK}" .)
148 149 150 151
    chmod a+r "${PACK}"
    rm -Rf "${TMP}"
}

152
configure_chroot () {
153 154
    echo "* Configuring chroot"

155 156
    # Set the chroot's DNS servers to those obtained through DHCP
    rm -f ${CHROOT}/etc/resolv.conf
157
    for NS in ${IP4_NAMESERVERS}; do
158 159 160 161
        echo "nameserver ${NS}" >> ${CHROOT}/etc/resolv.conf
    done
    chmod a+r ${CHROOT}/etc/resolv.conf

162
    # Remove all addons: some adds proxying, which we don't
163
    # want; some may change the fingerprint compared to a standard
164
    # Firefox install. Note: We cannot use apt-get since we don't ship its
165 166 167
    # lists (#6531). Too bad, APT supports globbing, while dkpg does not.
    dpkg -l 'xul-ext-*' | /bin/grep '^ii' | awk '{print $2}' | \
        xargs chroot ${CHROOT} dpkg --remove
168

169
    # Create a fresh browser profile for the clearnet user
170 171 172 173
    CLEARNET_PROFILE="${CHROOT}"/home/clearnet/.tor-browser/profile.default

    CLEARNET_EXT="${CLEARNET_PROFILE}"/extensions
    mkdir -p "${CLEARNET_EXT}"
174
    cp -Pr "${TBB_PROFILE}"/extensions/langpack-*.xpi "${CLEARNET_EXT}"
175 176 177 178 179

    CLEARNET_PREFS="${CLEARNET_PROFILE}"/preferences/prefs.js
    mkdir -p "$(dirname "${CLEARNET_PREFS}")"

    # Localization
180 181
    BEST_LOCALE="$(guess_best_tor_browser_locale)"
    configure_xulrunner_app_locale "${CLEARNET_PROFILE}" "${BEST_LOCALE}"
182

183
    # Disable proxying in the chroot
184 185
    echo 'pref("network.proxy.type", 0);' >> "${CLEARNET_PREFS}"
    echo 'pref("network.proxy.socks_remote_dns", false);' >>  "${CLEARNET_PREFS}"
186

187 188 189 190
    # Disable update checking
    echo 'pref("app.update.enabled", false);' >> "${CLEARNET_PREFS}"
    echo 'pref("extensions.update.enabled", false);' >> "${CLEARNET_PREFS}"

191 192 193 194
    # Prevent File -> Print or CTRL+P from causing the browser to hang
    # for several minutes while trying to communicate with CUPS, since
    # access to port 631 isn't allowed through.
    echo 'pref("print.postscript.cups.enabled", false);' >> "${CLEARNET_PREFS}"
195 196
    # Hide "Get Addons" in Add-ons manager
    echo 'user_pref("extensions.getAddons.showPane", false);' >> "${CLEARNET_PREFS}"
197

198
    # Set the name (e.g. window title) of the browser
199
    set_chroot_browser_name "`gettext \"Unsafe Browser\"`" "${BEST_LOCALE}"
200

201 202
    # Set start page to something that explains what's going on
    echo 'user_pref("browser.startup.homepage", "'${START_PAGE}'");' >> \
203
        "${CLEARNET_PREFS}"
204 205 206 207 208 209 210 211 212 213 214 215 216
    BROWSER_CHROME="${CLEARNET_PROFILE}/chrome/userChrome.css"
    mkdir -p "$(dirname "${BROWSER_CHROME}")"
    cat > ${BROWSER_CHROME} << EOF
/* Required, do not remove */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");

/* Hide TorBrowser Health Report and its configuration option */
#appmenu_healthReport,
#dataChoicesTab,
#healthReport

{display: none !important}
EOF
217 218

    # Remove all bookmarks
219
    rm -f ${CHROOT}/"${TBB_PROFILE}"/bookmarks.html
220 221
    rm -f ${CLEARNET_PROFILE}/bookmarks.html
    rm -f ${CLEARNET_PROFILE}/places.sqlite
222 223

    chown -R clearnet:clearnet ${CHROOT}/home/clearnet/.tor-browser
224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239

    # Set a scary theme (except if we're using Windows
    # camouflage). Note that the tails-activate-win8-theme script that
    # we may run below requires that the browser profile is writable
    # by the user running the script (i.e. clearnet).
    if [ -z "${CAMOUFLAGE}" ]; then
        cat >> "${CLEARNET_PREFS}" <<EOF
pref("lightweightThemes.isThemeSelected", true);
pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"Unsafe Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#CC0000\",\"updateDate\":0,\"installDate\":0}]");
EOF
    else
        # The camouflage activation script requires a dbus server for
        # properly configuring GNOME, so we start one in the chroot
        chroot ${CHROOT} sudo -H -u clearnet sh -c 'eval `dbus-launch --auto-syntax`; tails-activate-win8-theme' || :
    fi

240 241
}

242
run_browser_in_chroot () {
243
    # Start the browser in the chroot
244 245
    echo "* Starting Unsafe Browser"

246
    sudo -u ${SUDO_USER} xhost +SI:localuser:${CLEARNET_USER} 2>/dev/null
247 248 249 250
    chroot ${CHROOT} sudo -u ${CLEARNET_USER} /bin/sh -c \
        '. /usr/local/lib/tails-shell-library/tor-browser.sh && \
         exec_firefox -DISPLAY=:0.0 \
                      -profile /home/clearnet/.tor-browser/profile.default'
251
    sudo -u ${SUDO_USER} xhost -SI:localuser:${CLEARNET_USER} 2>/dev/null
252 253
}

254 255 256
show_shutdown_notification () {
    local title="`gettext \"Shutting down the Unsafe Browser...\"`"
    local body="`gettext \"This may take a while, and you may not restart the Unsafe Browser until it is properly shut down.\"`"
257
    tails-notify-user "${title}" "${body}" 10000
258 259
}

260 261 262 263 264
maybe_restart_tor () {
    # Restart Tor if it's not working (a captive portal may have prevented
    # Tor from bootstrapping, and a restart is the fastest way to get
    # wheels turning)
    if ! tor_is_working; then
265
        echo "* Restarting Tor"
266 267
        restart-tor
        if ! service tor status >/dev/null; then
268 269
            error "`gettext \"Failed to restart Tor.\"`"
        fi
270 271
    fi
}
272

273 274 275 276 277 278
# Prevent multiple instances of the script.
exec 9>${LOCK}
if ! flock -x -n 9; then
    error "`gettext \"Another Unsafe Browser is currently running, or being cleaned up. Please retry in a while.\"`"
fi

279
# Get the DNS servers that was obtained from NetworkManager, if any...
280 281 282 283 284 285 286 287
NM_ENV=/var/lib/NetworkManager/env
if [ -r "${NM_ENV}" ]; then
    . ${NM_ENV}
fi
# ... otherwise fail.
# FIXME: Or would it make sense to fallback to Google's DNS or OpenDNS?
# Some stupid captive portals may allow DNS to any host, but chances are
# that only the portal's DNS would forward to the login page.
288
if [ -z "${IP4_NAMESERVERS}" ]; then
Tails developers's avatar
Tails developers committed
289
    error "`gettext \"No DNS server was obtained through DHCP or manually configured in NetworkManager.\"`"
290 291
fi

292
verify_start
293
show_start_notification
294 295
setup_chroot
configure_chroot
296 297
run_browser_in_chroot
show_shutdown_notification
298
maybe_restart_tor
299 300

exit 0