Verified Commit 3d5b81a8 authored by brizental's avatar brizental Committed by boklm
Browse files

TB 43107: Disable remoting by default 

Unless the `--allow-remote` flag is provided when starting the
applicaton.

Also removes the support for the `--new-instance` flag which does a
similar job of disabling remoting, but only disables it for the current
instance.
parent d9ead221

toolkit/xre/nsAppRunner.cpp

+19 −15
Original line number Diff line number Diff line
@@ -314,6 +314,8 @@ static nsIProfileLock* gProfileLock; 
#if defined(MOZ_HAS_REMOTE)

constinit static RefPtr<nsRemoteService> gRemoteService;

constinit static RefPtr<nsStartupLock> gStartupLock;

// tor-browser#43107: Disable remoting by default.

bool gDisableRemoting = true;

#endif



int gRestartArgc;
@@ -2094,7 +2096,7 @@ nsresult ScopedXPCOMStartup::SetWindowCreator(nsINativeAppSupport* native) { 
/* static */ already_AddRefed<nsIRemoteService> GetRemoteService() {

  AssertIsOnMainThread();



  if (!gRemoteService) {

  if (!gRemoteService && !gDisableRemoting) {

    gRemoteService = new nsRemoteService();

  }

  nsCOMPtr<nsIRemoteService> remoteService = gRemoteService.get();
@@ -2154,8 +2156,7 @@ static void DumpHelp() { 
      "  --origin-to-force-quic-on <origin>\n"

      "                     Force to use QUIC for the specified origin.\n"

#ifdef MOZ_HAS_REMOTE

      "  --new-instance     Open new instance, not a new window in running "

      "instance.\n"

      "  --allow-remote     Accept and send remote commands.\n"

#endif

      "  --safe-mode        Disables extensions and themes for this session.\n"

#ifdef MOZ_BLOCK_PROFILE_DOWNGRADE
@@ -3858,9 +3859,6 @@ class XREMain { 


  bool mStartOffline = false;

  nsAutoCString mOriginToForceQUIC;

#if defined(MOZ_HAS_REMOTE)

  bool mDisableRemoteClient = false;

#endif

};



#if defined(XP_UNIX) && !defined(ANDROID)
@@ -4491,15 +4489,19 @@ int XREMain::XRE_mainInit(bool* aExitFlag) { 
  CheckArg("no-remote");



#if defined(MOZ_HAS_REMOTE)

  // Handle the --new-instance command line arguments.

  ar = CheckArg("new-instance");

  if (ar == ARG_FOUND || EnvHasValue("MOZ_NEW_INSTANCE")) {

    mDisableRemoteClient = true;

  // tor-browser#43107: Drop the new-instance argument and environment

  // variables. They are confusing, because they kinda disable remoting when

  // it's already disabled in tor-browser.

  //

  // The user can still enable remoting if they want to, by adding the

  // allow-remote parameter to the command line.

  if (CheckArg("allow-remote") == ARG_FOUND) {

    gDisableRemoting = false;

  }

#else

  // These arguments do nothing in platforms with no remoting support but we

  // should remove them from the command line anyway.

  CheckArg("new-instance");

  CheckArg("allow-remote");

#endif



#ifndef XP_WIN
@@ -4889,7 +4891,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) { 


#ifdef MOZ_HAS_REMOTE

  if (gfxPlatform::IsHeadless()) {

    mDisableRemoteClient = true;

    gDisableRemoting = true;

  }

#endif
@@ -5011,8 +5013,10 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) { 
  }

#endif

#if defined(MOZ_HAS_REMOTE)

  if (!gDisableRemoting) {

    // handle --remote now that xpcom is fired up

    gRemoteService = new nsRemoteService();

  }

  if (gRemoteService) {

    gRemoteService->SetProgram(gAppData->remotingName);

    gStartupLock = gRemoteService->LockStartup();
@@ -5097,7 +5101,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) { 
    if (NS_SUCCEEDED(rv)) {

      gRemoteService->SetProfile(profilePath);



      if (!mDisableRemoteClient) {

      if (!gDisableRemoting) {

        // Try to remote the entire command line. If this fails, start up

        // normally.

#  ifdef MOZ_WIDGET_GTK