Open redshiftzero opened 7 years ago
Whonix 14 will do that by default.
Package https://github.com/Whonix/security-misc is responsible for that.
References:
@redshiftzero can you reproduce this inside Qubes-Whonix?
If no, due to https://github.com/QubesOS/qubes-issues/issues/1885 we might be able to close this one as duplicate.
Have not tried to reproduce recently, but the original scope of this ticket was in the sd-svs VM, which is not based on the Qubes Whonix Workstation—presumably that's why we saw behavior different from what @adrelanos points out.
Now that we've got the client code coming together, we'll be dropping use of Nautilus altogether in the standard journalist workflow (#179). So the preview issue is now less important than when this issue was first opened. The previews may be relevant for forthcoming workflows such as export, however #84, so leaving open for now. (cc @redshiftzero if you disagree)
sd-app (née sd-svs) still ships with Nautilus, but I'm not seeing rich previews at least for JPGs and PDFs. Have we already mitigated this in our config?
Need to confirm that tracker-miner has been disabled in sd-app altogether - nautilus may be replaced with thunar based on some issues encountered in the debian-12-based templates with grsec kernels, so we should make sure its equivalent service, if any, is also not processing files to produce thumbnails.
See also https://lwn.net/Articles/947288/
The equivalent service under xfce is tumblerd (which I cannot initially type without leaving out the "e" :/ ) - it's installed as a dependency of thunar but not actually required for it to run. So, we could:
Cross-referencing:
OG desc:
Nautilus helpfully generates a thumbnail preview of many file types, including images.
However, in our use case, we want to prevent the parsing of potentially malicious decrypted files in sd-app, so we should disable the thumbnail generation. Note that to prevent parsing of these files disabling thumbnails is necessary but (possibly) not sufficient, more investigation needed.
With https://github.com/freedomofpress/securedrop-client/pull/2057, a file manager (and thunar, not nautilus) would not be available in sd-app, only in viewer and export VMs, but thumbnail generation should still be disabled.
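A check for the components raised in this thread (thumbnailer registrations, tumblerd, tracker-miner), as an added example that is not from the issue or the SecureDrop code base. The file paths and name patterns are assumptions based on a Debian layout, and a clean result does not show that nothing else parses files.

```shell
#!/bin/sh
# Added example: audit a template root for components that parse files to
# build previews. All paths below are assumed Debian locations; adjust them
# for the template in use.
# Usage: audit_preview_services /        (or the root of a mounted template)
# Prints one finding per line; returns 0 when nothing is found, 1 otherwise.
audit_preview_services() {
    root="${1:-}"
    root="${root%/}"
    findings=0

    # 1. Thumbnailer registrations picked up by the desktop thumbnail factory.
    for f in "$root"/usr/share/thumbnailers/*.thumbnailer; do
        [ -e "$f" ] || continue
        echo "thumbnailer registered: ${f#"$root"}"
        findings=$((findings + 1))
    done

    # 2. D-Bus activation files: these let tumblerd or a tracker miner be
    #    started on demand even when nothing launches them at login.
    for f in "$root"/usr/share/dbus-1/services/*; do
        [ -e "$f" ] || continue
        case "${f##*/}" in
            org.xfce.Tumbler.*|org.freedesktop.Tracker*Miner*)
                echo "dbus-activatable: ${f#"$root"}"
                findings=$((findings + 1)) ;;
        esac
    done

    # 3. systemd user units for tracker-miner, unless masked globally
    #    (a mask is a symlink to /dev/null under /etc/systemd/user).
    for f in "$root"/usr/lib/systemd/user/tracker-miner-*.service; do
        [ -e "$f" ] || continue
        mask="$root/etc/systemd/user/${f##*/}"
        if [ "$(readlink "$mask" 2>/dev/null)" = /dev/null ]; then
            continue
        fi
        echo "user unit not masked: ${f#"$root"}"
        findings=$((findings + 1))
    done

    [ "$findings" -eq 0 ]
}
```

Run it against each VM template that handles decrypted submissions; any line of output names a component that can still be triggered to parse a file.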