Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #21939

Closed (moved)
Open
Opened Apr 13, 2017 by Micah Lee@micah

start-tor-browser.desktop hack will soon stop working

The Linux version of Tor Browser is made more usable by a kind of hacky start-tor-browser.desktop file. Users can both execute it in a terminal to launch Tor Browser, and also double-click it from a GUI file manager like nautilus.

However, .desktop files can be used to hide malware. See this upstream nautilus bug [1], which has already been resolved. Also see this blog post [2] for more about how this bug allows attackers to compromise Subgraph OS.

Once this patch makes it to the versions of nautilus that Linux users have installed on their computers, the Tor Browser desktop file will break. Instead of saying "Tor Browser" with the Tor icon, it will say "start-tor-browser.desktop" with a default icon, and when the user tries double-clicking it it will pop up an "Untrusted application launcher" warning that the user has to click through.

One possible solution to this problem is to start distributing Tor Browser as a real Linux package that can be installed system-wide, with a .desktop file installed to /usr/share/applications like other software. I discussed this idea a bit in this thread [3].

[1] https://bugzilla.gnome.org/show_bug.cgi?id=777991 [2] https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ [3] https://lists.torproject.org/pipermail/tor-meeting/2017-March/000162.html

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#21939