From 0b4e08815ae806c000b4c27f427e118cbbc09725 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Sat, 4 May 2019 10:04:33 +0200
Subject: service: temporarily disable security attributes

This must be reverted before we release! See big source code comment.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 service/service_manager.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/service/service_manager.go b/service/service_manager.go
index 069bf459..715b4257 100644
--- a/service/service_manager.go
+++ b/service/service_manager.go
@@ -246,9 +246,19 @@ func (service *managerService) Execute(args []string, r <-chan svc.ChangeRequest
 			log.Printf("Starting UI process for user: '%s@%s'", username, domain)
 			attr := &os.ProcAttr{
 				Sys: &syscall.SysProcAttr{
-					Token:             syscall.Token(userToken),
+					Token: syscall.Token(userToken),
+
+					/* TODO: XXX: BUG: HACK: DO NOT SHIP WITH THIS COMMENT:
+					 *  These next two lines are commented out, because:
+					 *    - We're uncertain of their correctness, especially with regards to integrity level.
+					 *    - The permissions are too tight and they interfere with some UI things like notification
+					 *      balloon icons.
+					 *  These will be reenabled once we've figured out the right way to do it, and this
+					 *  program should not ship until we've done so.
+
 					ProcessAttributes: &securityAttributes,
 					ThreadAttributes:  &securityAttributes,
+					*/
 				},
 				Files: []*os.File{devNull, devNull, devNull},
 				Env:   env,
-- 
cgit v1.2.3-59-g8ed1b