summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsegfault <segfault@riseup.net>2019-09-23 11:54:56 +0200
committersegfault <segfault@riseup.net>2019-09-23 16:03:46 +0200
commit04d9c22243d803888d2dfbfc4f5de91cacdbdc9d (patch)
tree26b6ea87bc6d7d2cf24366869c40f408e40e3202
parent7cbcd4bc1d61fe0abe240cd8d12aac1138d353e5 (diff)
Add Greeter option to disable the Unsafe Browser (refs: #17085)bugfix/17085-allow-to-disable-unsafe-browser
-rw-r--r--config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/gui.py39
-rw-r--r--config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/physicalsecurity.py12
-rw-r--r--config/chroot_local-includes/usr/local/lib/tails-shell-library/tails-greeter.sh4
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/unsafe-browser9
-rw-r--r--config/chroot_local-includes/usr/share/tails-greeter/greeter.ui215
5 files changed, 279 insertions, 0 deletions
diff --git a/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/gui.py b/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/gui.py
index 91d1ec9..97d4985 100644
--- a/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/gui.py
+++ b/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/gui.py
@@ -354,6 +354,36 @@ class MACSpoofSetting(AdditionalSetting):
tailsgreeter.utils.get_on_off_string(macspoof, default=True))
+class UnsafeBrowserSetting(AdditionalSetting):
+ def __init__(self, greeter, builder):
+ super().__init__("unsafe_browser", greeter, builder)
+ self.accel_key = Gdk.KEY_u
+
+ def build_ui(self, builder):
+ super().build_ui(builder)
+ tailsgreeter.utils.import_builder_objects(self, builder, [
+ 'image_unsafe_browser_off',
+ 'image_unsafe_browser_on',
+ 'label_unsafe_browser_value',
+ 'listboxrow_unsafe_browser_off',
+ 'listboxrow_unsafe_browser_on',
+ ])
+
+ def row_activated(self, row):
+ unsafe_browser = None
+ if row == self.listboxrow_unsafe_browser_on:
+ unsafe_browser = True
+ self.image_unsafe_browser_on.set_visible(True)
+ self.image_unsafe_browser_off.set_visible(False)
+ elif row == self.listboxrow_unsafe_browser_off:
+ unsafe_browser = False
+ self.image_unsafe_browser_off.set_visible(True)
+ self.image_unsafe_browser_on.set_visible(False)
+ self.greeter.physical_security.unsafe_browser = unsafe_browser
+ self.label_unsafe_browser_value.set_label(
+ tailsgreeter.utils.get_on_off_string(unsafe_browser, default=True))
+
+
class NetworkSetting(AdditionalSetting):
def __init__(self, greeter, builder):
super().__init__("network", greeter, builder)
@@ -561,6 +591,7 @@ class GreeterSettingsCollection(object):
# Additional settings views
self.admin = AdminSetting(greeter, builder)
self.macspoof = MACSpoofSetting(greeter, builder)
+ self.unsafe_browser = UnsafeBrowserSetting(greeter, builder)
self.network = NetworkSetting(greeter, builder)
self.camouflage = CamouflageSetting(greeter, builder)
@@ -583,12 +614,14 @@ class DialogAddSetting(Gtk.Dialog):
'box_camouflage_popover',
'box_macspoof_popover',
'box_network_popover',
+ 'box_unsafe_browser_popover',
'entry_admin_password',
'listbox_add_setting',
'listboxrow_admin',
'listboxrow_camouflage',
'listboxrow_macspoof',
'listboxrow_network',
+ 'listboxrow_unsafe_browser',
])
self.set_transient_for(self)
@@ -789,6 +822,7 @@ class GreeterMainWindow(Gtk.Window, TranslatableWindow):
'box_storage',
'box_storage_unlock',
'box_storage_unlocked',
+ 'box_unsafe_browser_popover',
'button_storage_configure',
'checkbutton_language_save',
'checkbutton_settings_save',
@@ -807,6 +841,7 @@ class GreeterMainWindow(Gtk.Window, TranslatableWindow):
'listboxrow_network',
'listboxrow_text',
'listboxrow_tz',
+ 'listboxrow_unsafe_browser',
'switch_camouflage',
'toolbutton_settings_add',
])
@@ -1084,6 +1119,10 @@ class GreeterMainWindow(Gtk.Window, TranslatableWindow):
tailsgreeter.utils.popover_toggle(self.settings[setting_id].popover)
return False
+ def cb_listbox_unsafe_browser_row_activated(self, listbox, row, user_data=None):
+ self.settings.unsafe_browser.row_activated(row)
+ self.settings.unsafe_browser.close_popover_if_any()
+
def cb_switch_camouflage_active(self, switch, pspec, user_data=None):
self.settings.camouflage.switch_active(switch)
self.settings.camouflage.close_popover_if_any()
diff --git a/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/physicalsecurity.py b/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/physicalsecurity.py
index 75b744b..5575774 100644
--- a/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/physicalsecurity.py
+++ b/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/physicalsecurity.py
@@ -36,6 +36,7 @@ class PhysicalSecuritySettings(object):
# Whether to run macspoof
self._netconf = self.NETCONF_DIRECT
self._macspoof = True
+ self._unsafe_browser = True
self.write_settings()
def write_settings(self):
@@ -47,6 +48,8 @@ class PhysicalSecuritySettings(object):
pipes.quote(self.netconf)))
f.write('TAILS_MACSPOOF_ENABLED={0}\n'.format(
pipes.quote(str(self.macspoof).lower())))
+ f.write('TAILS_UNSAFE_BROWSER_ENABLED={0}\n'.format(
+ pipes.quote(str(self.unsafe_browser).lower())))
logging.debug('physical security settings written to %s',
physical_security_settings_file)
@@ -58,6 +61,10 @@ class PhysicalSecuritySettings(object):
def macspoof(self):
return self._macspoof
+ @property
+ def unsafe_browser(self):
+ return self._unsafe_browser
+
@netconf.setter
def netconf(self, new_state):
self._netconf = new_state
@@ -67,3 +74,8 @@ class PhysicalSecuritySettings(object):
def macspoof(self, new_state):
self._macspoof = new_state
self.write_settings()
+
+ @unsafe_browser.setter
+ def unsafe_browser(self, new_state):
+ self._unsafe_browser = new_state
+ self.write_settings()
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/tails-greeter.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tails-greeter.sh
index dc6cc26..e5eccc1 100644
--- a/config/chroot_local-includes/usr/local/lib/tails-shell-library/tails-greeter.sh
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tails-greeter.sh
@@ -29,6 +29,10 @@ mac_spoof_is_enabled() {
[ "$(_get_tg_setting "${PHYSICAL_SECURITY_SETTINGS}" TAILS_MACSPOOF_ENABLED)" != false ]
}
+unsafe_browser_is_enabled() {
+ [ "$(_get_tg_setting "${PHYSICAL_SECURITY_SETTINGS}" TAILS_UNSAFE_BROWSER_ENABLED)" = true ]
+}
+
tails_netconf() {
_get_tg_setting "${PHYSICAL_SECURITY_SETTINGS}" TAILS_NETCONF
}
diff --git a/config/chroot_local-includes/usr/local/sbin/unsafe-browser b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
index bf0d711..5f86a5a 100755
--- a/config/chroot_local-includes/usr/local/sbin/unsafe-browser
+++ b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
@@ -23,6 +23,9 @@ export TEXTDOMAIN
# and run_browser_in_chroot().
. /usr/local/lib/tails-shell-library/chroot-browser.sh
+# Import unsafe_browser_is_enabled
+. /usr/local/lib/tails-shell-library/tails-greeter.sh
+
error () {
local cli_text="${CMD}: `gettext \"error:\"` ${@}"
local dialog_text="<b><big>`gettext \"Error\"`</big></b>
@@ -85,6 +88,12 @@ HUMAN_READABLE_NAME="`gettext \"Unsafe Browser\"`"
WARNING_PAGE='/usr/share/doc/tails/website/misc/unsafe_browser_warning'
HOME_PAGE="$(localized_tails_doc_page "${WARNING_PAGE}")"
+# Check if the Unsafe Browser was disabled in the startup options
+if ! unsafe_browser_is_enabled; then
+ error "`gettext \"The Unsafe Browser was disabled in the startup options.\n\nIf you want to use the Unsafe Browser, \
+you have to restart Tails and enable it in the startup options.\"`"
+fi
+
# Prevent multiple instances of the script.
exec 9>"${LOCK}"
if ! flock -x -n 9; then
diff --git a/config/chroot_local-includes/usr/share/tails-greeter/greeter.ui b/config/chroot_local-includes/usr/share/tails-greeter/greeter.ui
index 08e00e1..bb12d5a 100644
--- a/config/chroot_local-includes/usr/share/tails-greeter/greeter.ui
+++ b/config/chroot_local-includes/usr/share/tails-greeter/greeter.ui
@@ -381,6 +381,164 @@
</packing>
</child>
</object>
+ <object class="GtkBox" id="box_unsafe_browser_popover">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="margin_left">18</property>
+ <property name="margin_right">18</property>
+ <property name="margin_top">18</property>
+ <property name="margin_bottom">18</property>
+ <property name="orientation">vertical</property>
+ <property name="spacing">18</property>
+ <child>
+ <object class="GtkLabel" id="label_unsafe_browser_title">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Unsafe Browser</property>
+ <attributes>
+ <attribute name="weight" value="bold"/>
+ <attribute name="scale" value="1.5"/>
+ </attributes>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="label_unsafe_browser_description">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">The Unsafe Browser allows you to log in to captive portals before starting Tor. It is also a security risk, because it could be used to deanonymize you.\nYou can disable the Unsafe Browser here if you don't have to log in to captive portals.</property>
+ <property name="justify">fill</property>
+ <property name="wrap">True</property>
+ <property name="width_chars">50</property>
+ <property name="max_width_chars">50</property>
+ <property name="xalign">0</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkFrame" id="frame_unsafe_browser">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="margin_bottom">18</property>
+ <property name="label_xalign">0</property>
+ <property name="shadow_type">in</property>
+ <child>
+ <object class="GtkListBox" id="listbox_unsafe_browser_controls">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="selection_mode">browse</property>
+ <signal name="row-activated" handler="cb_listbox_unsafe_browser_row_activated" swapped="no"/>
+ <child>
+ <object class="GtkListBoxRow" id="listboxrow_unsafe_browser_on">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <child>
+ <object class="GtkBox" id="box_unsafe_browser_on">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="margin_left">6</property>
+ <property name="margin_right">6</property>
+ <property name="margin_top">6</property>
+ <property name="margin_bottom">6</property>
+ <property name="spacing">12</property>
+ <child>
+ <object class="GtkLabel" id="label_unsafe_browser_on">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Enable the Unsafe Browser (default)</property>
+ <property name="justify">fill</property>
+ <property name="wrap">True</property>
+ <property name="max_width_chars">45</property>
+ <property name="xalign">0</property>
+ </object>
+ <packing>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ <property name="position">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkImage" id="image_unsafe_browser_on">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="icon_name">emblem-ok-symbolic</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="pack_type">end</property>
+ <property name="position">2</property>
+ </packing>
+ </child>
+ </object>
+ </child>
+ </object>
+ </child>
+ <child>
+ <object class="GtkListBoxRow" id="listboxrow_unsafe_browser_off">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <child>
+ <object class="GtkBox" id="box_unsafe_browser_off">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="margin_left">6</property>
+ <property name="margin_right">6</property>
+ <property name="margin_top">6</property>
+ <property name="margin_bottom">6</property>
+ <property name="spacing">12</property>
+ <child>
+ <object class="GtkLabel" id="label_unsafe_browser_off">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Disable the Unsafe Browser</property>
+ <property name="wrap">True</property>
+ <property name="max_width_chars">45</property>
+ <property name="xalign">0</property>
+ </object>
+ <packing>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ <property name="position">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkImage" id="image_unsafe_browser_off">
+ <property name="can_focus">False</property>
+ <property name="icon_name">emblem-ok-symbolic</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="pack_type">end</property>
+ <property name="position">2</property>
+ </packing>
+ </child>
+ </object>
+ </child>
+ </object>
+ </child>
+ </object>
+ </child>
+ <child type="label_item">
+ <placeholder/>
+ </child>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">3</property>
+ </packing>
+ </child>
+ </object>
<object class="GtkBox" id="box_main">
<property name="visible">True</property>
<property name="can_focus">False</property>
@@ -1641,6 +1799,63 @@
</object>
</child>
<child>
+ <object class="GtkListBoxRow" id="listboxrow_unsafe_browser">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <child>
+ <object class="GtkBox" id="box_unsafe_browser">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="margin_left">6</property>
+ <property name="margin_right">6</property>
+ <property name="margin_top">6</property>
+ <property name="margin_bottom">6</property>
+ <property name="spacing">6</property>
+ <child>
+ <object class="GtkImage" id="image_unsafe_browser">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="icon_name">web-browser-symbolic</property>
+ <property name="icon_size">3</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="label_unsafe_browser_caption">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Unsafe Browser</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">listboxrow_unsafe_browser</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="label_unsafe_browser_value">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">On (default)</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="pack_type">end</property>
+ <property name="position">2</property>
+ </packing>
+ </child>
+ </object>
+ </child>
+ </object>
+ </child>
+ <child>
<object class="GtkListBoxRow" id="listboxrow_network">
<property name="visible">True</property>
<property name="can_focus">True</property>