commit 1b61694baee703d9c2f626f919693d5620d35a96
parent 8685eaf79f2039aea2de6afbb592daea1f126bac
Author: Bob Owen <bobowencode@gmail.com>
Date: Fri, 3 Oct 2025 19:42:41 +0000
Bug 1991931 - Stop using an alternate desktop for WINDOWS_UTILS utility process. r=handyman
Differential Revision: https://phabricator.services.mozilla.com/D267445
Diffstat:
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/security/sandbox/win/SandboxInitialization.cpp b/security/sandbox/win/SandboxInitialization.cpp
@@ -180,8 +180,6 @@ static sandbox::BrokerServices* InitializeBrokerServices() {
// will be broken. This has to run before threads and windows are created.
Unused << brokerServices->CreateAlternateDesktop(
sandbox::Desktop::kAlternateWinstation);
- Unused << brokerServices->CreateAlternateDesktop(
- sandbox::Desktop::kAlternateDesktop);
// Ensure the relevant mitigations are enforced.
mozilla::sandboxing::ApplyParentProcessMitigations();
diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -1588,7 +1588,7 @@ struct WindowsUtilitySandboxProps : public UtilitySandboxProps {
WindowsUtilitySandboxProps() {
mJobLevel = sandbox::JobLevel::kInteractive;
mDelayedTokenLevel = sandbox::USER_RESTRICTED_SAME_ACCESS;
- mDesktop = sandbox::Desktop::kAlternateDesktop;
+ mDesktop = sandbox::Desktop::kDefault;
mInitialIntegrityLevel = sandbox::INTEGRITY_LEVEL_MEDIUM;
mDelayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_MEDIUM;
mUseWin32kLockdown = false;
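Review bot: The new `mDesktop = sandbox::Desktop::kDefault;` line in `WindowsUtilitySandboxProps()` has no comment explaining why this process gives up desktop isolation. The neighbouring settings in the hunk are also permissive (`kInteractive` job level, medium integrity, `mUseWin32kLockdown = false`), so a reader cannot tell from the code that the weaker setting is deliberate. I would add a comment above it such as `// Deliberately on the default desktop (Bug 1991931); desktop isolation is not part of this process's sandbox.` Separately, the other file in this commit stops creating `kAlternateDesktop` in `InitializeBrokerServices()`, so it is worth confirming that no other sandbox props still assign `sandbox::Desktop::kAlternateDesktop`; that cannot be checked from the lines shown. The constructor body continues past the end of the hunk.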