brizental pushed to branch tor-browser-140.3.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: d37094a0 by Beatriz Rizental at 2025-09-17T16:13:56+02:00 TB 43107: Disable remoting by default Unless the `--allow-remote` flag is provided when starting the applicaton. Also removes the support for the `--new-instance` flag which does a similar job of disabling remoting, but only disables it for the current instance. - - - - - 1 changed file: - toolkit/xre/nsAppRunner.cpp Changes: ===================================== toolkit/xre/nsAppRunner.cpp ===================================== @@ -319,6 +319,8 @@ static nsIProfileLock* gProfileLock; #if defined(MOZ_HAS_REMOTE) MOZ_RUNINIT static RefPtr<nsRemoteService> gRemoteService; MOZ_RUNINIT static RefPtr<nsStartupLock> gStartupLock; +// tor-browser#43107: Disable remoting by default. +bool gDisableRemoting = true; #endif int gRestartArgc; @@ -2116,7 +2118,7 @@ nsresult ScopedXPCOMStartup::SetWindowCreator(nsINativeAppSupport* native) { /* static */ already_AddRefed<nsIRemoteService> GetRemoteService() { AssertIsOnMainThread(); - if (!gRemoteService) { + if (!gRemoteService && !gDisableRemoting) { gRemoteService = new nsRemoteService(); } nsCOMPtr<nsIRemoteService> remoteService = gRemoteService.get(); @@ -2176,8 +2178,7 @@ static void DumpHelp() { " --origin-to-force-quic-on <origin>\n" " Force to use QUIC for the specified origin.\n" #ifdef MOZ_HAS_REMOTE - " --new-instance Open new instance, not a new window in running " - "instance.\n" + " --allow-remote Accept and send remote commands.\n" #endif " --safe-mode Disables extensions and themes for this session.\n" #ifdef MOZ_BLOCK_PROFILE_DOWNGRADE @@ -3847,9 +3848,6 @@ class XREMain { bool mStartOffline = false; nsAutoCString mOriginToForceQUIC; -#if defined(MOZ_HAS_REMOTE) - bool mDisableRemoteClient = false; -#endif }; #if defined(XP_UNIX) && !defined(ANDROID) @@ -4491,15 +4489,19 @@ int XREMain::XRE_mainInit(bool* aExitFlag) { CheckArg("no-remote"); #if defined(MOZ_HAS_REMOTE) - // Handle the --new-instance command line arguments. - ar = CheckArg("new-instance"); - if (ar == ARG_FOUND || EnvHasValue("MOZ_NEW_INSTANCE")) { - mDisableRemoteClient = true; + // tor-browser#43107: Drop the new-instance argument and environment + // variables. They are confusing, because they kinda disable remoting when + // it's already disabled in tor-browser. + // + // The user can still enable remoting if they want to, by adding the + // allow-remote parameter to the command line. + if (CheckArg("allow-remote") == ARG_FOUND) { + gDisableRemoting = false; } #else // These arguments do nothing in platforms with no remoting support but we // should remove them from the command line anyway. - CheckArg("new-instance"); + CheckArg("allow-remote"); #endif ar = CheckArg("offline"); @@ -4868,7 +4870,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) { #ifdef MOZ_HAS_REMOTE if (gfxPlatform::IsHeadless()) { - mDisableRemoteClient = true; + gDisableRemoting = true; } #endif @@ -4990,8 +4992,10 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) { } #endif #if defined(MOZ_HAS_REMOTE) - // handle --remote now that xpcom is fired up - gRemoteService = new nsRemoteService(); + if (!gDisableRemoting) { + // handle --remote now that xpcom is fired up + gRemoteService = new nsRemoteService(); + } if (gRemoteService) { gRemoteService->SetProgram(gAppData->remotingName); gStartupLock = gRemoteService->LockStartup(); @@ -5076,7 +5080,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) { if (NS_SUCCEEDED(rv)) { gRemoteService->SetProfile(profilePath); - if (!mDisableRemoteClient) { + if (!gDisableRemoting) { // Try to remote the entire command line. If this fails, start up // normally. # ifdef MOZ_WIDGET_GTK View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d37094a0... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d37094a0... You're receiving this email because of your account on gitlab.torproject.org.