[PM-28220] Fix desktop deb/AppImage startup failure

[dereknance]

🎟️ Tracking

PM-28220

📔 Objective

This PR reverts a change made to the desktop client in #16136 as it unfortunately resulted in the client failing to start for deb, rpm, and AppImage builds.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[claude]

Claude finished @dereknance's task —— View job

---

PR Review Analysis

• Read the changed file and understand the revert
• Analyze the review feedback and concerns
• Provide comprehensive review feedback

---

Summary

This PR attempts to revert memory dumping protection but is too broad in scope. The current revert removes security protections from all Linux package types, including Flatpak which is not affected by the startup failures.

Critical Findings

Finding 1: ❌ Incomplete revert leaves codebase in inconsistent state

The PR only reverts apps/desktop/resources/linux-wrapper.sh but leaves all supporting infrastructure in place:

• apps/desktop/desktop_native/process_isolation/ directory still exists
• apps/desktop/package.json:38 still has flatpak:dev script
• apps/desktop/package.json:41 still has updated pack:lin:flatpak script
• apps/desktop/resources/com.bitwarden.desktop.devel.yaml:49-50 still references libprocess_isolation.so
• Build configuration in apps/desktop/desktop_native/build.js likely still builds the library
• apps/desktop/electron-builder.json likely still packages the library

This creates several problems:

1. Build system continues to build unused library (wasted build time)
2. Flatpak configuration references non-loaded library (LD_PRELOAD env vars set but wrapper doesn't load it)
3. Package.json scripts reference isolation patterns that are now inactive

Finding 2: ❌ Security regression affects unaffected package types

Per @quexten's review, Flatpak is not affected by the startup failures. This PR removes memory dumping protection from Flatpak unnecessarily, exposing users to security risks (passwords and keys can be dumped from renderer process memory).

Finding 3: ⚠️ Revert doesn't match the actual problem scope

The commit title says "Disable process isolation for deb,rpm,AppImage" but the implementation disables it for all non-snap packages including Flatpak.

Recommended Approach

Based on @quexten and @trmartin4's discussion, the correct fix is:

Option 1: Targeted disable (recommended)
Only disable process isolation for the affected package types (AppImage, deb, rpm) while keeping it enabled for Flatpak and snap:

# In linux-wrapper.sh, modify the condition to exclude problematic package types
if [ -z "$SNAP" ] && [ -f "$APP_PATH/libprocess_isolation.so" ]; then
  # Only enable for package types known to work
  # AppImage sets $APPIMAGE, deb/rpm don't set special env vars
  if [ -n "$FLATPAK_ID" ]; then
    # Enable for Flatpak (not affected by the bug)
    LIBPROCESS_ISOLATION_SO="$APP_PATH/libprocess_isolation.so"
    LD_PRELOAD="$LIBPROCESS_ISOLATION_SO${LD_PRELOAD:+:$LD_PRELOAD}"
    export LD_PRELOAD
  fi
fi

Option 2: Feature flag approach
Add an environment variable check to allow users to manually enable/disable if they need to work around issues.

Additional Considerations

1. Investigation needed: Why do AppImage/deb/rpm fail? Is it AppArmor-related as @quexten suggested? If so, detection logic could be added to only disable when AppArmor is present.

2. Documentation: Users affected by the bug need clear communication about the security trade-offs.

3. Follow-up task: Create a task to re-enable protection for all package types once root cause is understood.

Non-Security Items

💭 Finding 4: The commit title says "Disable process isolation for deb,rpm,AppImage" but this is a revert commit. Consider whether the title should reflect that it's a revert (though the PR title does indicate this).

---

Recommendation: This PR should not be merged as-is. Please implement a targeted fix that only disables process isolation for affected package types (AppImage, deb, rpm) while preserving security for Flatpak users.

[github-actions]

Checkmarx One – Scan Summary & Details – 9bca138a-4226-429c-8432-159ffa2ac0ee

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Missing_HSTS_Header	/apps/web/src/app/dirt/reports/pages/inactive-two-factor-report.component.ts: 143	details The web-application does not define an HSTS header, leaving it vulnerable to attack. ID: alhjfubOVRYrjEwL%2BQtMJ8mzlvY%3D Attack Vector

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 41.24%. Comparing base (9e6d0cc) to head (9f35434).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #17509   +/-   ##
=======================================
  Coverage   41.23%   41.24%           
=======================================
  Files        3543     3543           
  Lines      101963   101963           
  Branches    15295    15295           
=======================================
+ Hits        42048    42055    +7     
+ Misses      58152    58145    -7     
  Partials     1763     1763           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[quexten]

Instead of reverting the commit, can we consider only disabling it in the linux-wrapper.sh? The change here is re-intorducing risk of exfiltrating passwords and keys from the renderer process and there is no reason to disable it on e.g. flatpak.

[quexten]

Thank you @dereknance. Changes LGTM. I may in the future debug this further, but it's not a high priority for me as long as flatpak remains having the protections.

(Again a further argument to guide people towards the flatpak installation).