Information
ID: 500
PHID: PHID-TASK-ahet7iafrd7l2w66yd5e
Author: Patrick
Status at Migration Time: resolved
Priority at Migration Time: Normal
Description
opened 10:19AM - 07 Aug 15 UTC
closed 09:47AM - 20 Feb 17 UTC
T: enhancement
C: templates
P: minor
C: Whonix
C: Debian/Ubuntu
https://www.whonix.org/forum/index.php/topic,1492.0.html
Qubes Fedora templates… has auto file preview off by default in the file manager to stop random files or downloads from being able to exploit parsing vulnerabilities here.
The Debian / Whonix templates have this on by default. So it shows thumbnails of images and more in the file manager's icons.
For security, could this preview feature please be turned off by default in future releases?
Should avoid using the same filename /usr/share/glib-2.0/schemas/org.gnome.nautilus.gschema.override to avoid conflicts with qubes-core-agent-linux-package if that is possible.
Comments
Patrick
2017-02-19 22:35:02 UTC
security-misc for a while now deactivates thumbnails in Thunar.
rationale:
Lower attack surface when using the file manager, by disabling thumbnails.
Fewer applications parsing thumbnails.
In Qubes OS, thumbnails undermine the security benefit of the right-click action “Open in DisposableVM”.
Assumption that image viewers have more robust string parsing for thumbnails than file managers.
There is nothing inherently wrong or dangerous about thumbnails. It’s just another feature.
references: