Commit 0b16ea7a authored by brizental's avatar brizental Committed by Pier Angelo Vendrame
Browse files

TB 43107: Disable remoting by default 

Unless the `--allow-remote` flag is provided when starting the
applicaton.

Also removes the support for the `--new-instance` flag which does a
similar job of disabling remoting, but only disables it for the current
instance.
parent 55c9bf87

toolkit/components/remote/nsRemoteService.cpp

+7 −2
Original line number Diff line number Diff line
@@ -50,7 +50,8 @@ nsStartupLock::~nsStartupLock() { 


NS_IMPL_ISUPPORTS(nsRemoteService, nsIObserver, nsIRemoteService)



nsRemoteService::nsRemoteService() : mProgram("mozilla") {

nsRemoteService::nsRemoteService(bool aRemotingEnabled)

    : mRemotingEnabled(aRemotingEnabled), mProgram("mozilla") {

  ToLowerCase(mProgram);

}
@@ -191,6 +192,10 @@ nsresult nsRemoteService::SendCommandLine(const nsACString& aProfile, 
    return NS_ERROR_FAILURE;

  }



  if (!mRemotingEnabled) {

    return NS_ERROR_NOT_AVAILABLE;

  }



  UniquePtr<nsRemoteClient> client;

#ifdef MOZ_WIDGET_GTK

#  if defined(MOZ_ENABLE_DBUS)
@@ -246,7 +251,7 @@ nsresult nsRemoteService::StartClient() { 
}



void nsRemoteService::StartupServer() {

  if (mRemoteServer) {

  if (mRemoteServer || !mRemotingEnabled) {

    return;

  }

toolkit/components/remote/nsRemoteService.h

+2 −1
Original line number Diff line number Diff line
@@ -36,7 +36,7 @@ class nsRemoteService final : public nsIObserver, public nsIRemoteService { 
  NS_DECL_NSIOBSERVER

  NS_DECL_NSIREMOTESERVICE



  nsRemoteService();

  nsRemoteService(bool aRemotingEnabled);

  void SetProgram(const char* aProgram);

  void SetProfile(nsACString& aProfile);

#ifdef MOZ_WIDGET_GTK
@@ -88,6 +88,7 @@ class nsRemoteService final : public nsIObserver, public nsIRemoteService { 
  nsresult SendCommandLine(const nsACString& aProfile, size_t aArgc,

                           const char** aArgv, bool aRaise);



  bool mRemotingEnabled;

  mozilla::UniquePtr<nsRemoteServer> mRemoteServer;

  nsCString mProgram;

  nsCString mProfile;

toolkit/xre/nsAppRunner.cpp

+16 −14
Original line number Diff line number Diff line
@@ -314,6 +314,8 @@ static nsIProfileLock* gProfileLock; 
#if defined(MOZ_HAS_REMOTE)

constinit static RefPtr<nsRemoteService> gRemoteService;

constinit static RefPtr<nsStartupLock> gStartupLock;

// tor-browser#43107: Disable remoting by default.

bool gEnableRemoting = false;

#endif



int gRestartArgc;
@@ -2084,7 +2086,7 @@ nsresult ScopedXPCOMStartup::SetWindowCreator(nsINativeAppSupport* native) { 
  AssertIsOnMainThread();



  if (!gRemoteService) {

    gRemoteService = new nsRemoteService();

    gRemoteService = new nsRemoteService(gEnableRemoting);

  }

  nsCOMPtr<nsIRemoteService> remoteService = gRemoteService.get();

  return remoteService.forget();
@@ -2143,8 +2145,7 @@ static void DumpHelp() { 
      "  --origin-to-force-quic-on <origin>\n"

      "                     Force to use QUIC for the specified origin.\n"

#ifdef MOZ_HAS_REMOTE

      "  --new-instance     Open new instance, not a new window in running "

      "instance.\n"

      "  --allow-remote     Accept and send remote commands.\n"

#endif

      "  --safe-mode        Disables extensions and themes for this session.\n"

#ifdef MOZ_BLOCK_PROFILE_DOWNGRADE
@@ -3904,9 +3905,6 @@ class XREMain { 


  bool mStartOffline = false;

  nsAutoCString mOriginToForceQUIC;

#if defined(MOZ_HAS_REMOTE)

  bool mDisableRemoteClient = false;

#endif

};



#if defined(XP_UNIX) && !defined(ANDROID)
@@ -4546,15 +4544,19 @@ int XREMain::XRE_mainInit(bool* aExitFlag, 
  CheckArg("no-remote");



#if defined(MOZ_HAS_REMOTE)

  // Handle the --new-instance command line arguments.

  ar = CheckArg("new-instance");

  if (ar == ARG_FOUND || EnvHasValue("MOZ_NEW_INSTANCE")) {

    mDisableRemoteClient = true;

  // tor-browser#43107: Drop the new-instance argument and environment

  // variables. They are confusing, because they kinda disable remoting when

  // it's already disabled in tor-browser.

  //

  // The user can still enable remoting if they want to, by adding the

  // allow-remote parameter to the command line.

  if (CheckArg("allow-remote") == ARG_FOUND) {

    gEnableRemoting = true;

  }

#else

  // These arguments do nothing in platforms with no remoting support but we

  // should remove them from the command line anyway.

  CheckArg("new-instance");

  CheckArg("allow-remote");

#endif



#ifndef XP_WIN
@@ -4948,7 +4950,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag, 


#ifdef MOZ_HAS_REMOTE

  if (gfxPlatform::IsHeadless()) {

    mDisableRemoteClient = true;

    gEnableRemoting = false;

  }

#endif
@@ -5074,7 +5076,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag, 
#endif

#if defined(MOZ_HAS_REMOTE)

  // handle --remote now that xpcom is fired up

  gRemoteService = new nsRemoteService();

  gRemoteService = new nsRemoteService(gEnableRemoting);

  if (gRemoteService) {

    gRemoteService->SetProgram(gAppData->remotingName);

    gStartupLock = gRemoteService->LockStartup();
@@ -5159,7 +5161,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag, 
    if (NS_SUCCEEDED(rv)) {

      gRemoteService->SetProfile(profilePath);



      if (!mDisableRemoteClient) {

      if (gEnableRemoting) {

        // Try to remote the entire command line. If this fails, start up

        // normally.

#  ifdef MOZ_WIDGET_GTK