mirror of https://github.com/bitwarden/browser synced 2025-12-15 15:53:27 +00:00

[BEEEP|PM-25164] Prevent memory dumping on renderer on Linux (#16136)

* Implement libmemory_security

* Cleanup and add script

* Remove duplicate build for flatpak

* Rename to process isolation

* Move to desktop native

* Undo changes in gitignore

* Remove after-pack changes

* Run cargo fmt

* Sort deps

* Attempt to fix windows build

* Update apps/desktop/desktop_native/process_isolation/Cargo.toml

Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>

* Revert "Remove after-pack changes"

This reverts commit c441025587.

* Fix lib process isolation not being included in build

* Fix build

* Attempt to fix build

* Attempt to fix build

* Undo

* Fix library not being included

---------

Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
Bernd Schoolmann
2025-10-13 15:06:41 +02:00
committed by GitHub
parent 14e7ee4818
commit a7242a1186
10 changed files with 178 additions and 5 deletions


@@ -46,4 +46,6 @@ modules:
commands:
- ulimit -c 0
- export TMPDIR="$XDG_RUNTIME_DIR/app/$FLATPAK_ID"
- export ZYPAK_LD_PRELOAD="/app/bin/libprocess_isolation.so"
- export PROCESS_ISOLATION_LD_PRELOAD="/app/bin/libprocess_isolation.so"
- exec zypak-wrapper /app/bin/bitwarden-app "$@"
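
Review bot: The two added exports, `ZYPAK_LD_PRELOAD` and `PROCESS_ISOLATION_LD_PRELOAD`, carry the same hardcoded path with no comment saying which component reads each one, so a later cleanup could drop one of them as an apparent duplicate. Add a one-line comment per variable naming its consumer, and consider defining `/app/bin/libprocess_isolation.so` once and referencing it from both exports. Unlike the launcher script changed in this same commit, which tests for the library with `-f` before using it, nothing here checks that the file exists before `exec zypak-wrapper`; if a missing library should be logged or treated as fatal, add that test ahead of the exports.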


@@ -7,12 +7,19 @@ ulimit -c 0
RAW_PATH=$(readlink -f "$0")
APP_PATH=$(dirname $RAW_PATH)
# force use of base image libdus in snap
if [ -e "/usr/lib/x86_64-linux-gnu/libdbus-1.so.3" ]
then
# force use of base image libdbus in snap
if [ -e "/usr/lib/x86_64-linux-gnu/libdbus-1.so.3" ]; then
export LD_PRELOAD="/usr/lib/x86_64-linux-gnu/libdbus-1.so.3"
fi
# If running in non-snap, add libprocess_isolation.so from app path to LD_PRELOAD
# This prevents debugger / memory dumping on all desktop processes
if [ -z "$SNAP" ] && [ -f "$APP_PATH/libprocess_isolation.so" ]; then
LIBPROCESS_ISOLATION_SO="$APP_PATH/libprocess_isolation.so"
LD_PRELOAD="$LIBPROCESS_ISOLATION_SO${LD_PRELOAD:+:$LD_PRELOAD}"
export LD_PRELOAD
fi
PARAMS="--enable-features=UseOzonePlatform,WaylandWindowDecorations --ozone-platform-hint=auto"
if [ "$USE_X11" = "true" ]; then
PARAMS=""
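
Review bot: The new `if [ -z "$SNAP" ] && [ -f "$APP_PATH/libprocess_isolation.so" ]` block fails open without a trace: when the library is missing from `$APP_PATH`, the app starts with no preload and nothing is written to stderr, so a packaging regression that drops the file would go unnoticed. For the non-snap case, add a branch that prints a warning when the file is absent, or exit if the protection is meant to be mandatory. The comment says this prevents memory dumping "on all desktop processes", but the `-z "$SNAP"` condition skips snap installs; state in the comment why snap is excluded or where it is handled instead. Since `LD_PRELOAD` entries are separated by colons or spaces, an `$APP_PATH` containing either character would keep the library from loading, which is worth a check or at least a comment.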