summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsegfault <segfault@riseup.net>2019-10-08 20:28:46 +0200
committersegfault <segfault@riseup.net>2019-10-08 20:28:46 +0200
commit9a9199aa743a2d07dcf4fed9e7800bc3b9d0100d (patch)
treebc1510e28114a1ecbe2a1e3226e4ae853f3ff987
parenta9278fcba29b279ae916cf2dfcb705eba2f1f775 (diff)
Add a new warning dialog for the Unsafe Browser (refs: #17134)wip/bugfix/17134-make-sure-user-sees-unsafe-browser-warning
This dialog makes the "Launch" button insensitive for 5 seconds, to increase the chances that the user notices if the Unsafe Browser is started for malicious use.
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/tails-unsafe-browser-warning80
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/unsafe-browser9
2 files changed, 81 insertions, 8 deletions
diff --git a/config/chroot_local-includes/usr/local/lib/tails-unsafe-browser-warning b/config/chroot_local-includes/usr/local/lib/tails-unsafe-browser-warning
new file mode 100755
index 0000000..35c22fc
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/lib/tails-unsafe-browser-warning
@@ -0,0 +1,80 @@
+#!/usr/bin/env python3
+
+import gettext
+import gi
+import time
+import sys
+
+gi.require_version("GLib", "2.0")
+gi.require_version("Gtk", "3.0")
+from gi.repository import Gtk, GLib
+
+# Initialize translations
+translation = gettext.translation("tails", fallback=True)
+_ = translation.gettext
+
+
+def process_mainloop_events():
+ context = GLib.MainLoop().get_context()
+ while context.pending():
+ context.iteration()
+
+
+class UnsafeBrowserWarningDialog(object):
+ def __init__(self):
+ title = _("Do you really want to launch the Unsafe Browser?")
+
+ # Translators: <b> and </b> are markup tags which make the text they surround bold
+ # Translators: \n\n are two newlines
+ msg = _("Network activity within the Unsafe Browser is <b>not anonymous</b>.\n\n"
+ "Only use the Unsafe Browser if necessary, for example if you have "
+ "to login or register to activate your Internet connection.")
+
+ self.dialog = Gtk.MessageDialog(message_type=Gtk.MessageType.WARNING, text=title)
+ self.dialog.format_secondary_markup(msg)
+ self.dialog.add_button(_("Cancel"), Gtk.ResponseType.CANCEL)
+ self.dialog.add_button(_("Launch"), Gtk.ResponseType.OK)
+ self.dialog.connect("response", self.on_response)
+
+ button = self.dialog.get_widget_for_response(Gtk.ResponseType.OK)
+ button.get_style_context().add_class("destructive-action")
+ button.set_sensitive(False)
+
+ self.dialog.connect("show", self.on_dialog_shown)
+
+ def run(self):
+ # We don't use self.dialog.run() here because it doesn't process
+ # responses sent during the time spent in the on_dialog_shown loop.
+ self.dialog.show()
+
+ @staticmethod
+ def on_dialog_shown(dialog: Gtk.MessageDialog):
+ button = dialog.get_widget_for_response(Gtk.ResponseType.OK)
+ seconds_to_wait = 5
+ start_time = time.perf_counter()
+ time_waited = time.perf_counter() - start_time
+
+ while time_waited < seconds_to_wait:
+ countdown = int(seconds_to_wait - time_waited) + 1
+ button.set_label(_("Launch (%s)" % str(countdown)))
+ process_mainloop_events()
+ time.sleep(0.1)
+ time_waited = time.perf_counter() - start_time
+
+ button.set_label(_("Launch"))
+ button.set_sensitive(True)
+
+ @staticmethod
+ def on_response(dialog: Gtk.MessageDialog, response: Gtk.ResponseType):
+ if response != Gtk.ResponseType.OK:
+ sys.exit(1)
+ sys.exit(0)
+
+
+def main():
+ UnsafeBrowserWarningDialog().run()
+ Gtk.main()
+
+
+if __name__ == "__main__":
+ main()
diff --git a/config/chroot_local-includes/usr/local/sbin/unsafe-browser b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
index 8457c93..e951b00 100755
--- a/config/chroot_local-includes/usr/local/sbin/unsafe-browser
+++ b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
@@ -37,14 +37,7 @@ ${@}"
verify_start () {
# Make sure the user really wants to start the browser
- local dialog_msg="<b><big>`gettext \"Do you really want to launch the Unsafe Browser?\"`</big></b>
-
-`gettext \"Network activity within the Unsafe Browser is <b>not anonymous</b>.\\nOnly use the Unsafe Browser if necessary, for example\\nif you have to login or register to activate your Internet connection.\"`"
- local launch="`gettext \"_Launch\"`"
- local exit="`gettext \"_Exit\"`"
- if ! sudo -u "${SUDO_USER}" \
- zenity --question --ellipsize --title "" --text "${dialog_msg}" --default-cancel \
- --ok-label "${launch}" --cancel-label "${exit}"; then
+ if ! /usr/local/lib/tails-unsafe-browser-warning; then
exit 0
fi
}