brizental pushed to branch tor-browser-140.3.0esr-15.0-1 at The Tor Project /
Applications / Tor Browser
Commits:
d37094a0 by Beatriz Rizental at 2025-09-17T16:13:56+02:00
TB 43107: Disable remoting by default
Unless the `--allow-remote` flag is provided when starting the
applicaton.
Also removes the support for the `--new-instance` flag which does a
similar job of disabling remoting, but only disables it for the current
instance.
- - - - -
1 changed file:
- toolkit/xre/nsAppRunner.cpp
Changes:
=====================================
toolkit/xre/nsAppRunner.cpp
=====================================
@@ -319,6 +319,8 @@ static nsIProfileLock* gProfileLock;
#if defined(MOZ_HAS_REMOTE)
MOZ_RUNINIT static RefPtr<nsRemoteService> gRemoteService;
MOZ_RUNINIT static RefPtr<nsStartupLock> gStartupLock;
+// tor-browser#43107: Disable remoting by default.
+bool gDisableRemoting = true;
#endif
int gRestartArgc;
@@ -2116,7 +2118,7 @@ nsresult
ScopedXPCOMStartup::SetWindowCreator(nsINativeAppSupport* native) {
/* static */ already_AddRefed<nsIRemoteService> GetRemoteService() {
AssertIsOnMainThread();
- if (!gRemoteService) {
+ if (!gRemoteService && !gDisableRemoting) {
gRemoteService = new nsRemoteService();
}
nsCOMPtr<nsIRemoteService> remoteService = gRemoteService.get();
@@ -2176,8 +2178,7 @@ static void DumpHelp() {
" --origin-to-force-quic-on <origin>\n"
" Force to use QUIC for the specified origin.\n"
#ifdef MOZ_HAS_REMOTE
- " --new-instance Open new instance, not a new window in running "
- "instance.\n"
+ " --allow-remote Accept and send remote commands.\n"
#endif
" --safe-mode Disables extensions and themes for this session.\n"
#ifdef MOZ_BLOCK_PROFILE_DOWNGRADE
@@ -3847,9 +3848,6 @@ class XREMain {
bool mStartOffline = false;
nsAutoCString mOriginToForceQUIC;
-#if defined(MOZ_HAS_REMOTE)
- bool mDisableRemoteClient = false;
-#endif
};
#if defined(XP_UNIX) && !defined(ANDROID)
@@ -4491,15 +4489,19 @@ int XREMain::XRE_mainInit(bool* aExitFlag) {
CheckArg("no-remote");
#if defined(MOZ_HAS_REMOTE)
- // Handle the --new-instance command line arguments.
- ar = CheckArg("new-instance");
- if (ar == ARG_FOUND || EnvHasValue("MOZ_NEW_INSTANCE")) {
- mDisableRemoteClient = true;
+ // tor-browser#43107: Drop the new-instance argument and environment
+ // variables. They are confusing, because they kinda disable remoting when
+ // it's already disabled in tor-browser.
+ //
+ // The user can still enable remoting if they want to, by adding the
+ // allow-remote parameter to the command line.
+ if (CheckArg("allow-remote") == ARG_FOUND) {
+ gDisableRemoting = false;
}
#else
// These arguments do nothing in platforms with no remoting support but we
// should remove them from the command line anyway.
- CheckArg("new-instance");
+ CheckArg("allow-remote");
#endif
ar = CheckArg("offline");
@@ -4868,7 +4870,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
#ifdef MOZ_HAS_REMOTE
if (gfxPlatform::IsHeadless()) {
- mDisableRemoteClient = true;
+ gDisableRemoting = true;
}
#endif
@@ -4990,8 +4992,10 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
}
#endif
#if defined(MOZ_HAS_REMOTE)
- // handle --remote now that xpcom is fired up
- gRemoteService = new nsRemoteService();
+ if (!gDisableRemoting) {
+ // handle --remote now that xpcom is fired up
+ gRemoteService = new nsRemoteService();
+ }
if (gRemoteService) {
gRemoteService->SetProgram(gAppData->remotingName);
gStartupLock = gRemoteService->LockStartup();
@@ -5076,7 +5080,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
if (NS_SUCCEEDED(rv)) {
gRemoteService->SetProfile(profilePath);
- if (!mDisableRemoteClient) {
+ if (!gDisableRemoting) {
// Try to remote the entire command line. If this fails, start up
// normally.
# ifdef MOZ_WIDGET_GTK
View it on GitLab:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d37094a01f4e3d7d6d681b6c12083c1c5f020005
--
View it on GitLab:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d37094a01f4e3d7d6d681b6c12083c1c5f020005
You're receiving this email because of your account on gitlab.torproject.org.
_______________________________________________
tor-commits mailing list -- [email protected]
To unsubscribe send an email to [email protected]
