mirror of
https://github.com/bitwarden/browser
synced 2025-12-18 01:03:35 +00:00
Add rust module to prevent run-time memory dumping of main (#9393)
This commit is contained in:
Bernd Schoolmann
GitHub
@@ -8,6 +8,7 @@ import { firstValueFrom } from "rxjs";
|
||||
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
|
||||
import { AbstractStorageService } from "@bitwarden/common/platform/abstractions/storage.service";
|
||||
import { BiometricStateService } from "@bitwarden/common/platform/biometrics/biometric-state.service";
|
||||
import { processisolations } from "@bitwarden/desktop-napi";
|
||||
|
||||
import { WindowState } from "../platform/models/domain/window-state";
|
||||
import { DesktopSettingsService } from "../platform/services/desktop-settings.service";
|
||||
@@ -31,6 +32,7 @@ export class WindowMain {
|
||||
private windowStateChangeTimer: NodeJS.Timeout;
|
||||
private windowStates: { [key: string]: WindowState } = {};
|
||||
private enableAlwaysOnTop = false;
|
||||
private enableRendererProcessForceCrashReload = false;
|
||||
session: Electron.Session;
|
||||
|
||||
readonly defaultWidth = 950;
|
||||
@@ -53,9 +55,11 @@ export class WindowMain {
|
||||
this.win.setBackgroundColor(await this.getBackgroundColor());
|
||||
|
||||
// By default some linux distro collect core dumps on crashes which gets written to disk.
|
||||
const crashEvent = once(this.win.webContents, "render-process-gone");
|
||||
this.win.webContents.forcefullyCrashRenderer();
|
||||
await crashEvent;
|
||||
if (this.enableRendererProcessForceCrashReload) {
|
||||
const crashEvent = once(this.win.webContents, "render-process-gone");
|
||||
this.win.webContents.forcefullyCrashRenderer();
|
||||
await crashEvent;
|
||||
}
|
||||
|
||||
this.win.webContents.reloadIgnoringCache();
|
||||
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
|
||||
@@ -101,6 +105,31 @@ export class WindowMain {
|
||||
// initialization and is ready to create browser windows.
|
||||
// Some APIs can only be used after this event occurs.
|
||||
app.on("ready", async () => {
|
||||
if (isMac() || isWindows()) {
|
||||
this.enableRendererProcessForceCrashReload = true;
|
||||
} else if (isLinux() && !isDev()) {
|
||||
if (await processisolations.isCoreDumpingDisabled()) {
|
||||
this.logService.info("Coredumps are disabled in renderer process");
|
||||
this.enableRendererProcessForceCrashReload = true;
|
||||
} else {
|
||||
this.logService.info("Disabling coredumps in main process");
|
||||
try {
|
||||
await processisolations.disableCoredumps();
|
||||
} catch (e) {
|
||||
this.logService.error("Failed to disable coredumps", e);
|
||||
}
|
||||
}
|
||||
|
||||
this.logService.info(
|
||||
"Disabling external memory dumps & debugger access in main process",
|
||||
);
|
||||
try {
|
||||
await processisolations.disableMemoryAccess();
|
||||
} catch (e) {
|
||||
this.logService.error("Failed to disable memory access", e);
|
||||
}
|
||||
}
|
||||
|
||||
await this.createWindow();
|
||||
resolve();
|
||||
if (this.argvCallback != null) {
|
||||
|
||||
Reference in New Issue
Block a user