[tor-bugs] #19652 [Applications/Tor Browser]: permission to install Tor Browser by default in Whonix
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 14 17:27:37 UTC 2016
#19652: permission to install Tor Browser by default in Whonix
--------------------------------------+--------------------------
Reporter: adrelanos | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by adrelanos):
Replying to [comment:1 arma]:
> For example, does it add Flash support to Tor Browser?
No such grave modifications.
> 1) Is the Tor Browser that Whonix wants to ship modified in any way from
the Tor Browser that you get from the Tor website?
No modifications to any files in the Tor Browser folder.
There are environment variables modifications.
{{{
## Deactivate tor-launcher,
## a Vidalia replacement as browser extension,
## to prevent running Tor over Tor.
## https://trac.torproject.org/projects/tor/ticket/6009
## https://gitweb.torproject.org/tor-launcher.git
export TOR_SKIP_LAUNCH=1
## environment variable to skip TorButton control port verification
## https://trac.torproject.org/projects/tor/ticket/13079
export TOR_SKIP_CONTROLPORTTEST=1
## Environment variable to disable the "TorButton" ->
## "Open Network Settings..." menu item. It is not useful and confusing to
have
## on a workstation, because Tor must be configured on the gateway, which
is
## for security reasons forbidden from the gateway.
## https://trac.torproject.org/projects/tor/ticket/14100
export TOR_NO_DISPLAY_NETWORK_SETTINGS=1
}}}
-----
{{{
export TOR_CONTROL_HOST="127.0.0.1"
export TOR_CONTROL_PORT="9151"
## this is to satisfy Tor Button just filled up with anything
export TOR_CONTROL_PASSWD='"password"'
}}}
-----
{{{
TOR_DEFAULT_HOMEPAGE=/usr/share/homepage/whonix-welcome-page/whonix.html
}}}
Whonix Welcome Page
* https://github.com/Whonix/whonix-welcome-page
* ([https://firstlook.org/wp-uploads/sites/1/2015/08/whonix4-1000x673.png
older screenshot] [now search box removed])
-----
Tor Browser connects to localhost. From there we are using rinetd (Whonix
13) or socat (Whonix 14 and above) to redirect 127.0.0.1:9150 to Whonix-
Gateway. (Same for Tor ControlPort.)
-----
We have optional AppArmor support but the user has to learn it through the
whonix.org website and self install the apparmor-profile-torbrowser
package.
* https://www.whonix.org/wiki/AppArmor
* https://github.com/Whonix/apparmor-profile-torbrowser
> 2) Is the Tor Browser in Whonix used in a different way or different
context than Tor Browser usually is?
Apart from above environment variables changes and port redirection, there
is no difference.
Deliberately the changes are as minimal as possible and only for
distribution integration reasons.
> For example, does it maintain the "stream isolation by tab" feature?
Yes.
> I ask because we want to make sure people don't call stuff "Tor" if they
then use it in a context where you don't get the properties that Tor + Tor
Browser provide.
>
> (For example, imagine somebody wanted to grab Tor Browser, and remove
Tor from it, and still call it Tor Browser. That would be bad. But it
doesn't look like this is that situation.)
Right.
Replying to [comment:2 arma]:
> (To be clearer, I think we should try to say yes here -- or, if needed,
we should fix things until we can say yes.)
Yes. That is great!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19652#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list