unsafe-browser 8.31 KB
Newer Older
1
#!/bin/sh
2

3
4
set -e

Tails developers's avatar
Tails developers committed
5
CMD=$(basename ${0})
6
LOCK=/var/lock/${CMD}
Tails developers's avatar
Tails developers committed
7
8

. gettext.sh
9
TEXTDOMAIN="${CMD}"
Tails developers's avatar
Tails developers committed
10
11
export TEXTDOMAIN

12
ROFS=/live/rofs/filesystem.squashfs
13
14
15
CONF_DIR=/var/lib/unsafe-browser
COW=${CONF_DIR}/cow
CHROOT=${CONF_DIR}/chroot
16
CLEARNET_USER=clearnet
17
18
OFFENDING_ADDONS="xul-ext-foxyproxy-standard xul-ext-torbutton xul-ext-firegpg
xul-ext-cookie-monster xul-ext-noscript xul-ext-monkeysphere"
19
20
21
22
TOR_DIR=/var/lib/tor
TOR_DESCRIPTORS=${TOR_DIR}/cached-descriptors
TOR_WORKING=""

23
24
25
26
27
28
29
30
WARNING_PAGE='/usr/share/doc/tails/website/misc/unsafe_browser_warning'
LANG_CODE="$(echo ${LANG} | head -c 2)"
if [ -r "${WARNING_PAGE}.${LANG_CODE}.html" ]; then
   START_PAGE="${WARNING_PAGE}.${LANG_CODE}.html"
else
   START_PAGE="${WARNING_PAGE}.en.html"
fi

31
32
33
34
if [ -e /var/lib/gdm3/tails.camouflage ]; then
    CAMOUFLAGE=yes
fi

35
cleanup () {
36
37
38
    # Break down the chroot and kill all of its processes
    local counter=0
    local ret=0
39
    while [ "${counter}" -le 10 ] && \
Tails developers's avatar
Tails developers committed
40
        pgrep -u ${CLEARNET_USER} 1>/dev/null 2>&1; do
41
        pkill -u ${CLEARNET_USER} 1>/dev/null 2>&1
42
        ret=${?}
43
        sleep 1
44
        counter=$((${counter}+1))
45
    done
46
    [ ${ret} -eq 0 ] || pkill -9 -u ${CLEARNET_USER} 1>/dev/null 2>&1
47
    for mnt in ${CHROOT}/dev ${CHROOT}/proc ${CHROOT} ${COW}; do
48
        counter=0
49
50
        while [ "${counter}" -le 10 ] && mountpoint -q ${mnt} 2>/dev/null; do
            umount ${mnt} 2>/dev/null
51
            sleep 1
52
            counter=$((${counter}+1))
53
54
        done
    done
55
    rmdir ${COW} ${CHROOT} 2>/dev/null
56
57
58
}

error () {
59
60
    local cli_text="${CMD}: `gettext \"error:\"` ${@}"
    local dialog_text="<b><big>`gettext \"Error\"`</big></b>
61

62
${@}"
63
    echo "${cli_text}" >&2
64
    sudo -u ${SUDO_USER} zenity --error --title "" --text "${dialog_text}"
65
66
67
68
    exit 1
}

warning () {
69
70
71
72
73
74
    local cli_text="${CMD}: `gettext \"warning:\"` ${text}"
    local dialog_text="<b><big>`gettext \"Warning\"`</big></b>

${@}"
    echo "${cli_text}" >&2
    sudo -u ${SUDO_USER} zenity --warning --title "" --text "${dialob_text}"
75
76
}

77
78
verify_start () {
    # Make sure the user really wants to start the browser
79
    local dialog_msg="<b><big>`gettext \"Do you really want to launch the Unsafe Browser?\"`</big></b>
80

Tails developers's avatar
Tails developers committed
81
`gettext \"Network activity within the Unsafe Browser is <b>not anonymous</b>. Only use the Unsafe Browser if necessary, for example if you have to login or register to activate your Internet connection.\"`"
82
83
84
85
86
87
    local launch="`gettext \"_Launch\"`"
    local exit="`gettext \"_Exit\"`"
    # Since zenity can't set the default button to cancel, we switch the
    # labels and interpret the return value as its negation.
    if sudo -u ${SUDO_USER} zenity --question --title "" --ok-label "${exit}" \
       --cancel-label "${launch}" --text "${dialog_msg}"; then
88
89
90
        exit 0
    fi
}
91

92
93
94
95
96
97
show_start_notification () {
    local title="`gettext \"Starting the Unsafe Browser...\"`"
    local body="`gettext \"This may take a while, so please be patient.\"`"
    notify-send -t 10000 "${title}" "${body}"
}

98
99
100
101
setup_chroot () {
    # Setup a chroot on an aufs "fork" of the filesystem.
    # FIXME: When LXC matures to the point where it becomes a viable option
    # for creating isolated jails, the chroot can be used as its rootfs.
102
103
    echo "* Setting up chroot"

104
105
106
    trap cleanup INT
    trap cleanup EXIT

107
    mkdir -p ${COW} ${CHROOT} && \
108
109
110
    mount -t tmpfs tmpfs ${COW} && \
    mount -t aufs -o noatime,noxino,dirs=${COW}=rw:${ROFS}=rr+wh aufs ${CHROOT} && \
    mount -t proc proc ${CHROOT}/proc && \
Tails developers's avatar
Tails developers committed
111
112
    mount --bind /dev ${CHROOT}/dev || \
    error "`gettext \"Failed to setup chroot.\"`"
113
114
115
}

configure_chroot () {
116
117
    echo "* Configuring chroot"

118
119
    # Set the chroot's DNS servers to those obtained through DHCP
    rm -f ${CHROOT}/etc/resolv.conf
120
    for NS in ${IP4_NAMESERVERS}; do
121
122
123
124
125
        echo "nameserver ${NS}" >> ${CHROOT}/etc/resolv.conf
    done
    chmod a+r ${CHROOT}/etc/resolv.conf

    # Disable problematic Iceweasel addons and proxying in the chroot
126
    chroot ${CHROOT} apt-get remove --yes ${OFFENDING_ADDONS}
127
128
129
130
    sed -i '/^pref("network.proxy.type",/d' \
        ${CHROOT}/etc/iceweasel/pref/iceweasel.js
    echo 'pref("network.proxy.type", 0);' >> \
        ${CHROOT}/etc/iceweasel/pref/iceweasel.js
131
    rm -rf ${CHROOT}/etc/iceweasel/profile/extensions
132

Tails developers's avatar
Tails developers committed
133
    # Set a scary theme (except if we're using Windows camouflage)
134
    if [ -z "${CAMOUFLAGE}" ]; then
Tails developers's avatar
Bugfix.    
Tails developers committed
135
        cat >> ${CHROOT}/etc/iceweasel/profile/user.js <<EOF
136
user_pref("lightweightThemes.isThemeSelected", true);
137
138
user_pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"Unsafe Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFF00\",\"accentcolor\":\"#CC0000\",\"updateDate\":0,\"installDate\":0}]");
EOF
139
    fi
140
141
142
143

    # Set start page to something that explains what's going on
    echo 'user_pref("browser.startup.homepage", "'${START_PAGE}'");' >> \
        ${CHROOT}/etc/iceweasel/profile/user.js
144
145
146

    # Remove all bookmarks
    rm -f ${CHROOT}/etc/iceweasel/profile/bookmarks.html
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

    # Make the English wikipedia the only available and default search
    # engine (this is a documented cue for identifying the Unsafe Browser,
    # which is extra important in camouflage mode when the scary coloured
    # theme is disabled.)
    find ${CHROOT}/etc/iceweasel/profile/searchplugins/ \
         ${CHROOT}/etc/iceweasel/searchplugins -name "*.xml" | \
        while read searchengine; do
            if basename "$searchengine" | grep -qvi wikipedia; then
                rm "${searchengine}"
            fi
        done
    sed -i '/^user_pref("browser.search.defaultenginename",/d' \
        ${CHROOT}/etc/iceweasel/profile/user.js
    echo 'user_pref("browser.search.defaultenginename", "Wikipedia (en)");' >> \
        ${CHROOT}/etc/iceweasel/profile/user.js
    sed -i '/^user_pref("browser.search.selectedEngine",/d' \
        ${CHROOT}/etc/iceweasel/profile/user.js
    echo 'user_pref("browser.search.selectedEngine", "Wikipedia (en)");' >> \
        ${CHROOT}/etc/iceweasel/profile/user.js
167
168
}

169
run_browser_in_chroot () {
170
    # Start Iceweasel in the chroot
171
172
    echo "* Starting Unsafe Browser"

173
    sudo -u ${SUDO_USER} xhost +SI:localuser:${CLEARNET_USER} 2>/dev/null
174
    chroot ${CHROOT} sudo -u ${CLEARNET_USER} iceweasel -DISPLAY=:0.0
175
    sudo -u ${SUDO_USER} xhost -SI:localuser:${CLEARNET_USER} 2>/dev/null
176
177
}

178
179
180
181
182
183
show_shutdown_notification () {
    local title="`gettext \"Shutting down the Unsafe Browser...\"`"
    local body="`gettext \"This may take a while, and you may not restart the Unsafe Browser until it is properly shut down.\"`"
    notify-send -t 10000 "${title}" "${body}"
}

184
185
186
187
188
189
190
191
192
193
194
195
196
tor_is_working() {
    # FIXME: the approach is stolen from is_tor_working() in the 20-time
    # NM hook -- we should move things like this to a shell script library
    # FIXME: how to determine this reliably? this approach doesn't work
    # if $TOR_DIR is persistent.
    [ -e $TOR_DESCRIPTORS ]
}

maybe_restart_tor () {
    # Restart Tor if it's not working (a captive portal may have prevented
    # Tor from bootstrapping, and a restart is the fastest way to get
    # wheels turning)
    if ! tor_is_working; then
197
198
        echo "* Restarting Tor"
        if ! service tor restart; then
199
200
201
202
203
            error "`gettext \"Failed to restart Tor.\"`"
        fi
        local counter=0
        until [ "${counter}" -ge 10 ] || nc -z localhost 9051 2>/dev/null; do
            sleep 1
204
            counter=$((${counter}+1))
205
        done
206
        /etc/NetworkManager/dispatcher.d/60-vidalia.sh clearnet up 2>/dev/null
207
208
    fi
}
209

210
211
212
213
214
215
# Prevent multiple instances of the script.
exec 9>${LOCK}
if ! flock -x -n 9; then
    error "`gettext \"Another Unsafe Browser is currently running, or being cleaned up. Please retry in a while.\"`"
fi

216
# Get the DNS servers that was obtained from NetworkManager, if any...
217
218
219
220
221
222
223
224
NM_ENV=/var/lib/NetworkManager/env
if [ -r "${NM_ENV}" ]; then
    . ${NM_ENV}
fi
# ... otherwise fail.
# FIXME: Or would it make sense to fallback to Google's DNS or OpenDNS?
# Some stupid captive portals may allow DNS to any host, but chances are
# that only the portal's DNS would forward to the login page.
225
if [ -z "${IP4_NAMESERVERS}" ]; then
Tails developers's avatar
Tails developers committed
226
    error "`gettext \"No DNS server was obtained through DHCP or manually configured in NetworkManager.\"`"
227
228
fi

229
verify_start
230
show_start_notification
231
232
setup_chroot
configure_chroot
233
234
run_browser_in_chroot
show_shutdown_notification
235
maybe_restart_tor
236
237

exit 0