Auto File Preview on by default (security concern)

Qubes Fedora templates have auto file preview off by default in the file manager to stop random files or downloads from being able to exploit parsing vulnerabilities here.

The Debian / Whonix templates have this on by default. So it shows thumbnails of images and more in the file manager’s icons.

For security, could this preview feature please be turned off by default in future releases?

If it happens with the Qubes Debian templates, then it’s not an exclusive Whonix issue. Could you report this issue at the Qubes tracker please?

I haven’t checked the Debian templates but would guess it is the same for both.

It actually looks like there are 2 file managers installed in the Qubes Whonix templates: Nautilus and Dolphin.

Both seem to have auto file previews on by default, so auto parsing any random files or downloads whenever just looking in their directories.

It looks like Nautilus maybe comes with the Qubes Debian installation and Dolphin comes with the Whonix installation.

Both of these file managers probably need correcting for default security.

One can find these UI settings here:

nautilus

Edit => Preferences => Preview

Text Files: Show text in icons: Local Files Only
Other Previewable Files: Show thumbnails: Local Files Only
Folders: Count number of items: Local Files Only

dolphin

Settings => Configure Dolphin => General => Previews

Directories: Checked
Images (GIF, PNG, BMP, …): Checked
JPEG Images: Checked
JPEG: Rotate the image automatically: Checked
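
An added example, not part of the original thread and not Qubes or Whonix project code: a shell sketch that audits and switches off the preview settings listed above without going through the UI. It assumes Dolphin stores its enabled thumbnail plugins under `[PreviewSettings]` / `Plugins=` in `dolphinrc` and that an explicit empty value enables none; the function names are hypothetical, the sample config is constructed, and the Nautilus "Show text in icons" option is left to the UI.

```shell
# Assumption: Dolphin keeps its enabled thumbnail plugins in dolphinrc as
#   [PreviewSettings]
#   Plugins=directorythumbnail,imagethumbnail,jpegthumbnail
# and falls back to built-in defaults when the key is absent.

# Print the Plugins= value; "<default>" when file or key is missing.
dolphin_preview_plugins() {
    [ -f "$1" ] || { echo "<default>"; return 0; }
    awk '
        /^\[/ { in_sec = ($0 == "[PreviewSettings]"); next }
        in_sec && /^Plugins=/ { sub(/^Plugins=/, ""); print; found = 1; exit }
        END { if (!found) print "<default>" }
    ' "$1"
}

# Rewrite FILE so [PreviewSettings] carries an explicit empty Plugins= line.
dolphin_disable_previews() {
    f=$1; tmp=$(mktemp) || return 1
    [ -f "$f" ] || : > "$f"
    awk '
        /^\[/ {
            if (in_sec && !wrote) { print "Plugins="; wrote = 1 }
            in_sec = ($0 == "[PreviewSettings]"); if (in_sec) seen = 1
            print; next
        }
        in_sec && /^Plugins=/ { if (!wrote) print "Plugins="; wrote = 1; next }
        { print }
        END { if (!seen) print "[PreviewSettings]"; if (!wrote) print "Plugins=" }
    ' "$f" > "$tmp" && cat "$tmp" > "$f"
    rm -f "$tmp"
}

# Nautilus: both keys take never / local-only / always.
nautilus_disable_previews() {
    command -v gsettings >/dev/null 2>&1 || return 0
    for key in show-image-thumbnails show-directory-item-counts; do
        gsettings set org.gnome.nautilus.preferences "$key" never
    done
}

# Constructed sample config, for demonstration only.
demo=$(mktemp)
printf '[General]\n\n[PreviewSettings]\nPlugins=imagethumbnail,jpegthumbnail\n' > "$demo"
echo "before: $(dolphin_preview_plugins "$demo")"
dolphin_disable_previews "$demo"
echo "after:  '$(dolphin_preview_plugins "$demo")'"
rm -f "$demo"
```

To apply it for real, call `dolphin_disable_previews` with the path of the `dolphinrc` used by the installed KDE version and run `nautilus_disable_previews` as the desktop user inside the template.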